Luca Bongiorni Relatore
Luca is working as Principal Offensive Security Expert. He is also actively involved in InfoSec, where the main fields of research are: Radio Networks, Reverse Engineering, Hardware Hacking, Antani, Internet of Things and Physical Security. Since 2012 is keeping a closer eye to FSB intelligence operations in Baltic States. Luca é anche un Emiliano DOCG, acaro italico stagionato e socio CLUSIT.
- WHID Injector: How to Bring HID Attacks to the Next Level Since the first public appearance of HID Attacks (i.e. PHUKD, Kautilya, Rubberducky), many awesome researches and results have been published [i.e. Iron HID, Mousejack and the coolest USaBUSe]. Due this increased amount of nifty software, as Pentester and Red-Teamer, I wanted a cheap and dedicated hardware that I could remotely control (i.e. over WiFi or BLE). And this is how WHID was born. Since the inception of my first HID injecting devices (based on Teensy boards), I always faced the need to decide when deliver a certain payload. This was partially achieved by using Irongeek’s photoresistor and dip-switch tricks. However, I soon realized that would be cool the full remote control over a radio channel. At the beginning, years ago, I was thinking to use some cheap 433 MHz TRX modules connected to the Teensy board… sadly due lack of time and other cool projects… this idea was dropped into my awesome-pentesting-tools to-do-list. ???? At this point you are wondering what is behind WHID Injector and what are its capabilities. ???? WHID stands for WiFi HID injector. It is a cheap but reliable piece of hardware designed to fulfill Red-Teamers & Pentesters needs related to HID Attacks, during their engagements. The core of WHID is mainly an Atmega 32u4 (commonly used in many Arduino boards) and an ESP-12s (which provides the WiFi capabilities and is commonly used in IoT projects). During the talk we will see in depth how WHID was designed and its functionalities. And (Murphy permitting) You will see it in action! ???? - 14:30/15:15, 14 Oct 2017