Biohacking: The Invisible Threat

CANCELLED Half-Day Interactive (Online) Training - OWASP New Zealand Day 2022

Abstract

Security professionals won’t allow users into their environment with hacking tools, so how do you address people with implants? People are the attack vector and the tool. The ability to compromise contactless technologies threatens both physical and digital security. How do you stop a Cyber threat from a human?

Course Details

Dates: Wednesday, 6 July 2022

Time: 8:45 a.m. to 12:30 p.m. (NZDT)

Instructor: Len Noe, CyberArk Software

Course Fee: NZ $225.00 (plus GST and ticketing fees)

Registration Site: Registration unavailable - Class Cancelled, due to change in instructor’s availability

Course Description

Biohackers exist and walk among us. Most security professionals would not allow users into their environment with offensive security tools. How do you address individuals who have surgically implanted such devices into their bodies?

I have multiple sub-dermal implants that include a variety of NFC, HID/Prox and RFiD devices. This allows me to become the attack vector. In this workshop, I provide a brief overview of the types of bio-implants on the market and share various case studies on the potential damage malicious biohackers can inflict.

I also demonstrate how I am able to quickly compromise loosely connected devices and open a Reverse TCP shell to a command-and-control (CnC) server, through my attack L3pr@cy, in under three minutes.

Finally, I show how I steal HID Proximity Card Data and write that back to the implant. This avoids any physical evidence of a breach. This also allows me to gain access to data as well as physical access to secured locations.

As security professionals, we must anticipate the unknown. These include any individuals that enter our facilities or are simply around us in public. These types of attacks are becoming more common. A majority of security community are not aware they exist. Discussions on what was once thought to be science-fiction are now science fact.

Through continuing education on Phishing and social engineering attacks, tightening MDM restrictions, endpoint management, behavioral analytics, least privilege and privileged access, we can take preventive measures around the threats we can’t see.

Your Instructor

Len Noe

Len Noe is a White-Hat Hacker and Global Enablement Engineer for CyberArk Software. Together with the CyberArk Global Enablement Engineering team, they are responsible for enabling internal staff and the starting point for escalation for all SEs in the field. They are responsible for the global templates used by all SEs and partners, building new integrations, and use cases for all engineers.

Len is an international security speaker, having presented in over 20 countries and multiple major security conferences worldwide. Prior to 2001, Len was a Black/Grey-Hat Hacker and learned most of his skills by practical application. Len is on the cutting edge of technology, with multiple microchip implants that allow him to become the attack vector against mobile and loosely connected devices.

Len has spent 20 years in the areas of web development, systems engineering / administration, architecture, coding, and the past six years focusing on information security from an attacker’s perspective. He also actively participates in activities of the Information Security communities in Texas, the Autism Society, and many others.