Anti-Forensics for Fun and Privacy - Alissa Gilbert (Shmoocon 2020)

Here's my talk from Shmoo2020; Anti-Forensics for Security and Privacy

I wrote the idea for this talk to help people use and be aware of anti-forensics techniques and draw awareness to the depths of anti-forensic techniques. This talk breaks up the techniques by the level of advisary that one might face. It's the first part of a series, but these talks have been put on hold due to the global health crisis.

Comments

Can I re-magnetize my sensory magnets?

Magnets. I've had sensory magnets installed since November 2016. I bought the magnets and had them installed by Steve Haworth. As of July 2020, you can now buy his magnets for installation elsewhere. https://store.stevehaworth.com/collections/magnets Since then I have been able to notice some key differences, and in 2018 started to notice sensory loss. I have a very large magnet at home, which before was impossible to touch, and now I can rest my right magnet on it. While this is a brief post, I am posting my intention to remagnetise the magnets. I've attempted and gave this up previously, because the process is uncomfortable. However, I must do it in order to keep the magnetic sense. I'm using different sized magnets to move the sensory magnets in my finger to strengthen them and break down some of the scar tissue in my finger to let them move freely. Reps. This is the big magnet I'm using. I found there's two different things I'm trying 1. Running my fin

Can you hack a security checkpoint metal detector? Yeah, we already did.

To get straight to the point - walkthrough metal detectors are a security technology to attempt to detect and thus remove weapons and dangerous items from individuals to make a safe space. What if they were much more fallible than expected? I'm not here to fear-monger either - these problems are preventable with proper use and changed in guidelines. Like many security controls, their exploitation is commonly due to those who implement and monitor them. However, in order to create these changes, more proof-of-concepts and solutions need to be tested. We already have a few to start. The walkthrough metal detector (WTMD) research was not my original idea. It started out of research projects from PHSI and another Garrett 6500i was donated to our lab. This machine was not ours and we did not have permission to modify or conduct digital attacks on the detector. We were supposed to use physical modifications to hide or modify the results of the screening. One colleague in particular

Don't use that APK site!

A whileback, Brock and I were impatiently waiting for WiGLE's beta app update. It was was WiGLE just added bluetooth to their platform and it was a big move for us (was that like, 2 years ago?). I went to get the app from WiGLE, but Brock simply google'd the app and downloaded it. I was unsure how this page was already a google result, and he showed me he downloaded it from another apk site. When I objected, he didn't understand. I explained the dangers Rogue Apps present, but also, I then downloaded it anyway to see if my concerns were justified on an old-lab-phone. Rogue applications are those which are not created and published by the developer. In general, rogue apps are an Android centered issues (and FireOS - ketchup; fancy ketchup). Back in 2018, RSA published a white paper in which 28% of online fraud were rogue apps , and has seen a 300% surge in 2019. Before discussing what's wrong with rogue apps, let's use an example: Instagram's legitimate And

Search This Blog