dc11332Website

Defcon Group DC 11332 Web Site

View on GitHub

Welcome to Defcon group DC11332 (West of France)

Next meeting : Jun 15 from 11 a.m. to 1 p.m. - France Time - (Zoom meeting due to COVID19!)

To participate, you only need to register here - It’s FREE !

The closest you will get to a VM for testing IoT devices. The ARM-X IoT Firmware Emulation Framework is a tried-and-tested framework which has led to four 0-days discovered on SoHo routers, IP cameras and VoIP exchanges. In this talk, I shall cover the evolution of ARM-X, demonstrate a few use cases and discuss future directions of IoT firmware emulation. The talk will conclude with a new dockerized version of ARM-X and features I am working on.

Secure devices support Secure Boot in order to assure the integrity and confidentiality of the software that’s executed. Even if the authentication is bypassed, the decryption still prevents an attacker from easily executing arbitrary code as the decryption key is not known.

In this presentation we explain how we were able to bypass the Encrypted Secure Boot feature of the ESP32 SoC using a single EM glitch. This allowed us to extract the plain-text contents of the external flash without using any software vulnerability and without knowledge of the decryption key.

To participate, you only need to register here - It’s FREE !

to contact us : twitter @dc11332

Past meetings

April 15

If you’ve dreamed of making your own chip, some have just released a PDK (a process design kit) and related resources that should allow you to do just that. The Open Source PDK helps you build a physical, manufacturable chip that does exactly what you designed it to do with no risk of backdoors or ability to create your own NSA like implant inside the chips but @ silicon layer ! ;-) This PDK is the first open source manufacturing process design kit.

Matt will help us to dive in this aera with his electronic designer point of view (not an infosec view), and we, as an infosec community, we can (or not) find applications of this new possibility for our cybersec context.

According to FOSSI Foundation, until today there were two major obstacles to creating custom chips. This is because you had to have access to a PDK from a chip manufacturing company (a foundry), and you also had to have enough money to actually pay for the manufacturing. But now, thanks to this initiative, those days are over. And what sets this PDK apart from previous attempts is the fact that it is manufacturable. Thanks to it, you can actually produce chips with a foundry in the 130nm node !

Un Autonomous System (AS), chez soi ? C’est possible ! On m’a très souvent posé la question de comment j’ai pu avoir un AS(208069) et des IPv6 pour ma Server Room. Aujourd’hui on va donc parler de routage (BGP), d’AS et d’IP. C’est parti !