SecDocs Feed for author Don Bailey

[Paper] Carmen Sandiego is On the Run!

Tue, 06 Sep 2011 08:36:21 +0200

Authors: Don Bailey Nick DePetrillo
Tags: intelligence GSM phone
Event: Black Hat USA 2010
Abstract: The global telephone network is often an opaque and muddy environment where many false assumptions of privacy are made by its users. Providers do their best to compartmentalize as much privacy-centric data as possible. However, information must be shared for the sake of network interoperability. The speakers will discuss gaps in privacy protection and how they can be leveraged to expose who you are, your location, and the privacy of those in contact with you. Demonstrations will reveal how location data can be augmented and used in several fashions. First, the speakers will show how information can be leveraged to develop fairly accurate physical boundaries of a particular mobile switching center and how this information changes over time. Second, the speakers will overlay cellular tower data to depict coverage in a particular mobile switching center. Next, the speakers will demonstrate how to visualize an individual traveling across adjacent mobile switching centers and the cell towers they are likely to associate with. Finally, the speakers will demonstrate how known location values for many subscribers can reveal location information for handsets where location information can't be obtained directly. Lastly, the speakers will elaborate on mitigation strategies for these attacks at the subscriber level and potential mitigation strategies for the provider level.

[Slides] Micro Control Attacking uC Applications

Sat, 16 Oct 2010 18:41:00 +0200

Authors: Don Bailey
Tags: hardware hacking microcontroller
Event: Hack In The Box 2010 Malaysia

[Video] Winning the Race to Bare Metal – UEFI Hypervisors

Wed, 23 Jun 2010 06:03:29 +0200

Authors: Martin Mocko Don Bailey
Tags: virtualization hypervisor
Event: Black Hat USA 2008

[Audio] Winning the Race to Bare Metal – UEFI Hypervisors

Wed, 23 Jun 2010 06:03:28 +0200

Authors: Martin Mocko Don Bailey
Tags: virtualization hypervisor
Event: Black Hat USA 2008

[Slides] Winning the Race to Bare Metal – UEFI Hypervisors

Wed, 23 Jun 2010 06:03:26 +0200

Authors: Martin Mocko Don Bailey
Tags: virtualization hypervisor
Event: Black Hat USA 2008

[Paper] Winning the Race to Bare Metal – UEFI Hypervisors

Tue, 22 Jun 2010 14:09:47 +0200

Authors: Martin Mocko Don Bailey
Tags: virtualization hypervisor
Event: Black Hat USA 2008

[Slides] We Found Carmen San Diego

Wed, 26 May 2010 12:45:00 +0200

Authors: Nick DePetrillo Don Bailey
Tags: GSM phone locating
Event: Source Conference Boston 2010
Abstract: Using new resources in concert with new and old telephony tricks, the speakers have been able to successfully track users of GSM mobile phones without direct access to SS7. Though, initially, the granularity of the location information was not fine enough, the speakers have been able to develop effective techniques to supplement the location data. Augmenting this attack is the ability to learn a target user's mobile phone number without the user's knowledge, enhancing the passive nature of the attack. The speakers will elaborate on new real world attack vectors that make these threats both credible and practical. GSM location data in the US is private. However, unscrupulous providers have exposed this data to an international audience, allowing anyone access to this information for a price. The researchers will elaborate on the technical details of how and why the above attacks work, what solutions are possible, and how users can protect themselves.