Список тренінгів, які відбудуться на конференції NoNameCon 2019
TechMaker Car Hacking Training (Language: Ukrainian)This comprehensive training program covers key attack vectors of a modern car.
Modern cars are equipped with hundreds of ECUs, and the number keeps rising up. All these modules inside vehicles are interconnected using CAN bus. Recently, with the addition of various connected services, a lot of security issues start to emerge as CAN bus was not engineered for operation in such conditions. In the training, we will overview of modern car electronics systems, talk about CAN bus operation theory and discuss various security issues and key attack vectors. We will get to principles behind CAN bus reverse engineering, review various hacking tools & software, and, of course, get to try the learned techniques on a real car.
- CANbus sniffers, hardware + firmware + desktop utils and protocols
- ISO-TP, XCP, UDS
- Desktop utilities: can-utils, SavvyCAN, caringcaribou
- IVI systems and their attack surface
- Practice on a real car
- Extra! Software Defined Radio and keyfobs
- Extra! Upgrading NoNameBadge to fully featured wireless carhacking device
DNS Intelligence (Language: Russian)Full training description
DNS is the one of the basic layers that holds the Internet together. Without it, not much else works... even malware. In this training we will focus on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized so defenders can get ahead of the attack cycle.
This is a training on the usage of DNS for malware hunting, detection of new infrastructure, discovery of new network assets and other “research” type of products. In this training we will focus on hands on labs while covering also some theory and history of DNS.
- RECAP - DNS overview
- Gathering data using DNS
- Overview of whois information and effects of GDPR
- Overview of passive DNS (pDNS)
- Advanced “Research” Topics
- Malicious domain detection
- And more
- Basic scripting (Bash/Python)
- Basic understanding of networking and malware life cycle
- Running bash / connecting to ssh
- Running VMs