BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: One for all and all for WHAD: wireless shenanigans m
 ade easy !\n   When: Friday\, Aug 9\, 17:00 - 17:45 PDT\n   Where: LVCC We
 st/Floor 1/Hall 1/Track 2 - [1]Map\n\n   Description:\n\n   A lot of secur
 ity research have recently focused on various wireless\n   communication p
 rotocols\, targeting smartphones\, wireless mice and\n   keyboards and eve
 n cars. In order to demonstrate these attacks\,\n   researchers developed 
 dedicated tools that for most of them include\n   some specialized firmwar
 e of their own but also rely on various unique\n   custom host/device comm
 unication protocols. These tools work great but\n   are strongly tied to s
 ome specific hardware that at some point will\n   not be available anymore
 \, or require hackers to buy more hardware to\n   carry on to have fun wit
 h. Why not making these tools compatible with\n   more hardware ? And why 
 researchers always have to create their own\n   host/device protocol when 
 it comes to using a dedicated hardware ? Why\n   not having one flexible p
 rotocol and related tools to rule them all ?\n\n   We will present in this
  talk WHAD\, a framework that provides an\n   extensible host/device commu
 nication protocol\, dedicated protocol\n   stacks and way more for hackers
  who love having fun with wireless\n   protocols. WHAD makes interoperabil
 ity possible between tools by\n   allowing different hardware devices to b
 e used if they provide the\n   required capabilities\, giving the opportun
 ity to create advanced tools\n   without having to care about the hardware
  and its firmware in most of\n   the cases!\n\n     * [Atlas 2012] Atlas. 
 SubGHz or Bust\, 2012. Available at [2]link.\n\n     * [Blu 2019] Bluetoot
 h SIG. Bluetooth Core Specification\, 2019.\n\n     * [Cauquil 2016] Damie
 n Cauquil. BtleJuice: The Bluetooth Smart MiTM\n       framework. In DEF C
 ON\, volume 24\, 2016.\n\n     * [Cauquil 2017b] Damien Cauquil. Sniffing 
 BTLE with the Micro:Bit.\n       PoC or GTFO\, vol. 17\, pages 13–20\, 2
 017.\n\n     * [Cauquil 2017c] Damien Cauquil. Weaponizing the BBC Micro:B
 it. In\n       DEF CON\, volume 25\, 2017. Available at [3]link.\n\n     *
  [Cauquil 2018] Damien Cauquil. You’d better secure your BLE\n       dev
 ices or we’ll kick your butts ! In DEF CON\, volume 26\, 2018.\n       A
 vailable at [4]link.\n\n     * [Cauquil 2019] Damien Cauquil. Defeating Bl
 uetooth Low Energy 5\n       PRNG for fun and jamming. In DEF CON\, volume
  27\, 2019. Available\n       at [5]link.\n\n     * [Cayre 2019a] Romain C
 ayre\, Vincent Nicomette\, Guillaume Auriol\,\n       Eric Alata\, Mohamed
  Kaâniche and Geraldine Marconato. Mirage:\n       towards a Metasploit-l
 ike framework for IoT. In 2019 IEEE 30th\n       International Symposium o
 n Software Reliability Engineering\n       (ISSRE)\, Berlin\, Germany\, Oc
 tober 2019.\n\n     * [Cayre 2021b] Romain Cayre\, Florent Galtier\, Guill
 aume Auriol\,\n       Vincent Nicomette\, Mohamed Kaâniche and Géraldine
  Marconato.\n       InjectaBLE: Injecting malicious traffic into establish
 ed Bluetooth\n       Low Energy connections. In IEEE/IFIP International Co
 nference on\n       Dependable Systems and Networks (DSN 2021)\, Taipei (v
 irtual)\,\n       Taiwan\, June 2021.\n\n     * [Cayre 2021c] Romain Cayre
 \, Florent Galtier\, Guillaume Auriol\,\n       Vincent Nicomette\, Mohame
 d Kaâniche and Géraldine Marconato.\n       WazaBee: attacking Zigbee ne
 tworks by diverting Bluetooth Low\n       Energy chips. In IEEE/IFIP Inter
 national Conference on Dependable\n       Systems and Networks (DSN 2021)\
 , Taipei (virtual)\, Taiwan\, June\n       2021.\n\n     * [Cayre 2021d] R
 omain Cayre\, Géraldine Marconato\, Florent Galtier\,\n       Mohamed KaÃ
 ¢niche\, Vincent Nicomette and Guillaume Auriol.\n       Cross-protocol at
 tacks: weaponizing a smartphone by diverting its\n       Bluetooth control
 ler. In 14th ACM Conference on Security and\n       Privacy in Wireless an
 d Mobile Networks\, Abu Dhabi\, United Arab\n       Emirates\, June 2021.\
 n\n     * [Cayre 2021e] Romain Cayre\, Damien Cauquil and Aurélien\n     
   Francillon. ESPwn32: hacking with ESP32 system-on-chips.In 17th\n       
 IEEE Workshop on Offensive Technologies (WOOT 2023)\, co-located\n       w
 ith IEEE S&P 2023\, San Francisco\, United States\, May 2023.\n\n     * [G
 oodspeed 2011a] Travis Goodspeed. Promiscuity is the\n       nRF24L01+’s
  Duty. Available at [6]link\, 2011.\n\n     * [IEE 2020] IEEE Standard for
  Low-Rate Wireless Networks. IEEE Std\n       802.15.4 2020 (Revision of I
 EEE Std 802.15.4-2015)\, pages 1–800\,\n       2020.\n\n     * [Jasek 20
 16] SÅ‚awomir Jasek. Gattacking Bluetooth Smart Devices.\n       In BlackH
 at USA\, 2016. Available at [7]link.\n\n     * [LOG 2019] LogiTacker GitHu
 b Repository\, 2019. Available at [8]link\n\n     * [LoR 2017] LoRa Allian
 ce\, Inc. LoRaWan Specification\, 2017.\n\n     * [Newlin 2016a] Marc Newl
 in. MouseJack : White Paper. In DEF CON\,\n       volume 24\, 2016. Availa
 ble at [9]link.\n\n     * [Olawumi 2014] Olayemi Olawumi\, Keijo Haataja\,
  Mikko Asikainen\,\n       Niko Vidgren and Pekka Toivanen. Three practica
 l attacks against\n       ZigBee security: Attack scenario definitions\, p
 ractical\n       experiments\, countermeasures\, and lessons learned. In 2
 014 14th\n       International Conference on Hybrid Intelligent Systems\, 
 pages\n       199–206\, 2014.\n\n     * [Qasim Khan 2019] Sultan Qasim K
 han. Sniffle: A sniffer for\n       Bluetooth 5 (LE)\, 2019. Available at 
 [10]link.\n\n     * [Ryan 2013a] Mike Ryan. Bluetooth: With Low Energy Com
 es Low\n       Security. In 7th USENIX Workshop on Offensive Technologies 
 (WOOT\n       13)\, Washington\, D.C.\, August 2013. USENIX Association.\n
 \n     * [Vidgren 2013a] N. Vidgren\, K. Haataja\, J. L. Patiño-Andres\, 
 J.\n       J. RamÃrez-Sanchis and P. Toivanen. Security Threats in\n      
  ZigBee-Enabled Systems: Vulnerability Evaluation\, Practical\n       Expe
 riments\, Countermeasures\, and Lessons Learned. In 2013 46th\n       Hawa
 ii International Conference on System Sciences\, pages\n       5132–5138
 \, 2013.\n\n     * [Wright 2009] Joshua Wright. KillerBee: Practical ZigBe
 e\n       Exploitation Framework\, 2009. Available at [11]link.\n\n     * 
 [Zillner 2015] T. Zillner. ZigBee Exploited: The good \, the bad\n       a
 nd the ugly. In BlackHat\, 2015.\n\n   Speakers:Damien Cauquil\,Romain Cay
 re\n\n   SpeakerBio:  Damien Cauquil\, Security Engineer at Quarkslab\n\n 
   Damien Cauquil is security engineer at Quarkslab\, France. He loves\n   
 electronics\, embedded devices\, wireless protocols and to hack all of\n  
  these not especially in that order. He authored several Bluetooth Low\n  
  Energy tools like Btlejuice and Btlejack\, discovered a way to hack\n   i
 nto an existing Bluetooth Low Energy connection that has later been\n   im
 proved by his co-speaker Romain Cayre\, and other tools on a lot of\n   di
 fferent topics that tickle his mind but not always related to\n   security
  or wireless protocols.\n\n   SpeakerBio:  Romain Cayre\, Assistant Profes
 sor\, Software and System\n   Security (S3) Group at EURECOM\n\n   Romain 
 Cayre is assistant professor in Software and System Security\n   (S3) grou
 p at EURECOM\, France. He works on topics related to wireless\n   security
 \, IoT security and embedded systems security. He loves hacking\n   embedd
 ed wireless stacks and playing with wireless protocols. In the\n   past\, 
 he worked on several research projects related to wireless\n   hacking\, l
 ike WazaBee (a cross-protocol pivoting attack allowing to\n   receive and 
 transmit arbitrary 802.15.4 packets from a diverted BLE\n   transceiver)\,
  InjectaBLE (an attack allowing to inject arbitrary\n   packets into an on
 going Bluetooth Low Energy connection by leveraging\n   a race condition i
 n the Link Layer clock drift compensation\n   mechanism)\, and OASIS (a de
 fensive framework allowing to generate an\n   embedded detection software 
 and inject it into Bluetooth Low Energy\n   controllers).\n\n   He is also
  the main developer of Mirage\, an offensive framework for\n   wireless co
 mmunication protocols (and a draft to the new framework\n   WHAD !)\n\n   
 '\n\n   1. #LVCCW_Level1_Hall1\n   2. https://media.blackhat.com/bh-us-12/
 Briefings/Atlas/BH_US_12_Atlas_GHZ_Workshop_Slides.pdf\n   3. https://medi
 a.defcon.org/DEFCON25/DEFCON25presentations/DEFCON25-Damien-Cauquil-Weapon
 izing-the-BBC-MicroBit-UPDATED.pdf\n   4. https://media.defcon.org/DEFCON2
 6/DEFCON26presentations/DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-U
 pdated.pdf\n   5. https://media.defcon.org/DEFCON27/DEFCON27presentations/
 DEFCON-27-Damien-Cauquil-Defeating-Bluetooth-Low-Energy-5-PRNG-for-fun-and
 -jamming.PDF\n   6. http://travisgoodspeed.blogspot.com/2011/02/promiscuit
 y-is-nrf24l01s-duty.html\n   7. http://gattack.io/whitepaper.pdf\n   8. ht
 tps://github.com/RoganDawes/LOGITacker\n   9. https://github.com/BastilleR
 esearch/mousejack/blob/master/doc/pdf/DEFCON-24-Marc-Newlin-MouseJack-Inje
 cting-Keystrokes-Into-Wireless-Mice.whitepaper.pdf\n   10. https://hardwea
 r.io/netherlands-2019/presentation/sniffle-talk-hardwear-io-nl-2019.pdf\n 
   11. http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf\n
 \n\n
DTEND:20240810T004500Z
DTSTART:20240810Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 2
SUMMARY:One for all and all for WHAD: wireless shenanigans made easy !
END:VEVENT
END:VCALENDAR