Hacking in Winter Wonderland

Gruezi (Swiss for “hello”) from the Hashdays conference, held in beautiful Lucerne in Switzerland, where I am together with my colleagues Marta Janus and Marco Preuss. The event is hosted by DEFCON Switzerland, which was founded in 2008. Their mission is to educate in IT security skills and know-how. According to them, the best way to show how to prevent systems from becoming insecure or getting hacked is to introduce and demonstrate current attack techniques. Additional fact: this is the third edition of the conference and it’s sold out for the first time. This already proves the high quality of the event. Honestly, this is easily one of the best conferences I have attended so far. The quality of both the content and the delivery has been outstanding so far. I can recommend taking part in it to anyone interested in IT security.

The conference is much smaller compared to DEFCON in Las Vegas, making the atmosphere way more personal. However, some ideas from its brother event in Nevada got adopted. For example, the badge: it’s a laser-engraved acrylic plate with a screwed-on Arduino UNO R3 board. They are also selling additional modules like base kits, matrix LED sets in different sizes, alcohol breath analysis and temperature/humidity checking modules. For people who have never played with Arduino, workshops are offered as well, to get the basics and be able to play with it. It’s a nice way of interacting with both hardware and software, making it great fun. The infamous wall of sheep also made its way to Switzerland. You really don’t want to have your login credentials displayed there. Always use a VPN or other encrypted ways when you’re using WiFi here!

Hashdays’ badge, a beauty! (And yes, they have Club Mate as well!)

This is Marc Hauser giving a talk about his research in IPv6 (in)security

Aside from the talks, there are also contests and side projects. The Arduino badge serves as a platform for two different contests. First, it gives a hint for the winning six-character password – also a nice tribute to DEFCON in Vegas. Secondly, it’s the core of the badge hacking contest, where all participants are called on to extend and program it in a creative and outstanding way.

Now for the fun part: we’re off to the party. Cheers!
