crypto

Attacking encrypted USB keys the hard(ware) way

Attacking encrypted USB keys the hard(ware) way

Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data.

In this talk, we will present our methodology to assess "secure" USB devices both from the software and the hardware perspectives. We will demonstrate how this methodology works in practice via a set of case-studies. We will demonstrate some of the practical attacks we found during our audit so you will learn what type of vulnerability to look for and how to exploit them. Armed with this knowledge and our tools, you will be able to evaluate the security of the USB device of your choice

Beyond files recovery: OWADE cloud-based forensic

Beyond files recovery: OWADE cloud-based forensic

You recovered a bunch of files from a used hard drive and now what ?

If you ever wanted to push Windows offline forensic to the next level, come to our talk where we will show you how to use our open source tool OWADE (Offline Windows Analyzer and Data Extractor) to recover many interesting information from a used hard drive including web credentials, instant messaging credentials and user habits information.

We will walk you through the entire recovery chain process and demonstrate how to use OWADE to handle Windows various level of encryption (Syskey, DPAPI…) and extract the maximum information from used drives. OWADE is based on our work on DPAPIck our tool to decrypt DPAPI secrets.

We will present various statistics we computed on the data we gathered from the eBay used hard drive we bought to test and develop OWADE.

At the end of the talk we will release OWADE so you can play with it.

DPAPI : les secrets du moteur de chiffrement de Windows

DPAPI : les secrets du moteur de chiffrement de Windows

es systèmes d’exploitation de Microsoft regorgent d’interfaces de programmation
diverses et variées. Parmi elles, DPAPI, qui permet de chiffrer et déchiffrer les
données jugées sensibles de façon transparente, est restée pendant plus de
10 ans non documentée. Nous vous proposons dans cet article de regarder sous le
capot et de découvrir les secrets du moteur de chiffrement de Windows.