Great content. Tips: 1. Make sure your demo works (and doesn't inject F1 for help each time) 2. SLOW down (But this is a common issue within the hacking community that I've seen...it seems the faster you talk the smarter you think you appear) 3. Echo questions from the audience back before answering 4. Watch word repetition (so, actually, literally) That being said, I'd probably freeze up on-stage. ;)

This was my first Defcon and was in this audience, it was awesome.

@fatman7064

7 жыл бұрын

Frosty Did you bring your phone/wallet with you? I'd be scared shitless if I were 10 miles close to these guys.

@BlxckBaron

7 жыл бұрын

Mr Rustles i heard people just turn the Bluetooth and phone off

@Frosty-oj6hw

7 жыл бұрын

I did take my phone and wallet, I put my phone into airplane mode while I was there.

@Frosty-oj6hw

7 жыл бұрын

Biggest tip for organization is get the defcon app that allows you to see the schedule of all talks and events. Book way early for events like the shooting range, it'll be full months before the con. Attend the 101 track they give you all the other tips you'll need there. Oh and it runs across 4 days but basically nothing actually happens on day 1 you can get your badge but pretty much everything is closed.

This video is a goldmine of information. Thank you very much, the FAQ in the end was awesome too.

This man is a rebel with a cause. There's a podcast about it, if you don't believe me (Hidden Brain). I have so many positive words to say about this man. Weston, you should probably practice your talks so people believe in you more! But anyone who doesn't know him, trust him. He's a legitimate genius.

I thought his shirt said "I Love My Wi-Fi"..... XD

@nicksmith6629

8 жыл бұрын

that would've been way better

@andredaoust6034

7 жыл бұрын

"Where can I find some wifi bro?" "All around the campus" XD (22 Jump Street)

@blackneos940

7 жыл бұрын

Nick Smith I know, right.....? :D

@blackneos940

7 жыл бұрын

Andre Daoust I don't think I've seen that Movie before..... :)

@wastedspam385

7 жыл бұрын

I thought it read; "I love my Waifu"

as I said on Twitter this is an awesome example of taking someone's work and expanding on it (i.e. Sam's magspoof repurposed) so we can learn more.

I found a similar non-hack a bit more than Ten years ago. My fiance' purchased on of those pre-pay credit cards from CardCo that u buy if you don't have a bank or credit card. When you buy gas and do a pay at the pump CardCo authorizes and dings you$100.00 then refunds the difference later. I bought $20.00 in gas knowing what I'd be $80.00 down until my refund. The next day I check to see if I got my refund and found that they refunded MY$80.00 a mere second later AND then refunded the full $100.00 as well. I was scared s#!bless until I recalled that the card was absolutely not connected to ANYONE at all much less me. I figured wow I made $100.00 and told my wife we were going out for dinner. She questioned where I got a the hundred dollars I claimed to have. I told her what happened she got scared and checked the card on her throw away phone only to tell me we gained $180.00. The reader Authorized but NEVER dinged the hundred dollars, but did do the 80 refund then also gave us the 100 cuz the transaction "didn't happen". Wow I found out the next day it did it again. Every time I bought gas at that franchise in that state this happened. The less I bought the more money we got. So I put $3.00 in every day until the tank was full then started having co-workers drive me to jobs saying I'd buy the gas . Made a few grand unit one day it stopped. And that was Okay. Sorry CardCo but Karma is a bitch. A big happy beeyach gunning for you CardCo.

His wife makes him wear that t-shirt.

@westonhecker

8 жыл бұрын

lol yes she does :-)

@AshtonSnapp

8 жыл бұрын

+weston hecker Are you the guy in this talk?

@westonhecker

8 жыл бұрын

Yes This was one of the talks from this year

@darrenhowarth3889

7 жыл бұрын

No you haven't. This link is for some game.

@Johnwww07

6 жыл бұрын

Darren Howarth you really visiter a link under this video? Hahah

CAN'T FUCKING WAIT FOR ALL THE TALKS

My university's cardreaders are just our account numbers... If you swipe it instead of entering text into a field it just types the number.....

you needs to change a couple of component's on the mp3 player to impedance match the coil to the speaker/headphone driver output, then you get no burnouts

nothing like watching your company install vulnerable POS systems and having nothing you can do about it. still makes me grind my teeth when the next thing i warned about becomes public

Great content, but the presentation was quite disjunctive. I had a hard time following what subject you were talking about. When I did key in, it was great work. Thanks for the talk. Also, laughing during a talk is fine, but be more confident. The nervous chuckle was distracting.

One thing - I used to install POS systems. Most retailers will go for the very least expensive hardware. And most of the time there's not much security in the least expensive things. Oh and the other thing - they tend to hold on to that hardware for a VERY long time. And another vector is the bar code reader attached to many POS systems. They'll accept all sorts of different bar code formats too. All depends on how they were setup. And this particularly more acute with self checkout these days.

@deanvangreunen6457

9 ай бұрын

Plus you can configure the bar code scanners with the config codes for said Bar code models. Plus most stores will use the same models for all cashier machines

@deanvangreunen6457

9 ай бұрын

So self checkout, you can checkout and pay, then enter the barcode into into configuration mode, before you leave the store, it will leave them clueless on why it's not working 😂😂😂😂

@BxhsVshg

9 ай бұрын

It all depends on data stuffing. 😂😂What do you think the scammer can benefit from?@@deanvangreunen6457

My first video of this season :D

Where the hell do you learn all of this?????

Great talk ! !

@westonhecker

7 жыл бұрын

Thanks

Well here we go again

its too bad the demo didnt go as smooth as i could have, but even so, excellent talk!

FINALLY!

I'm a security guard and we use this thing called a "toco wand" and we press buttons placed around the post. I'm sure there is a way to spoof this data?

@dergrammarfuhrer1901

7 жыл бұрын

I wondered the same when I was working in security, you can find datasheets for the buttons (called iButtons) if you google "ds1996 ibutton datasheet", I've not looked into it a great deal but the information on their design and operation is pretty widely available so it probably wouldn't be too hard if you know what you're doing. You can also buy a reader for 30 USD if you want to take the easy route (google "blue dot receptor") but it needs a USB adaptor that costs more than the thing itself, so you're looking at around 60USD, and I'm still not sure about software

*Finally here!*

wount dare digitally piss anybody here,the wifi here must be the most dangerous place on earth, lol

So couldn't you use the card reader to inject keystrokes to load the malware via URL?

@blanemangraford4747

7 жыл бұрын

Yea that's what his demo at the end was going to be but internet at DC sucks.

I was watching a series on KZread that showed how to open doors without picking locks. They talked about how the glass doors in California usually had gaps in them that you could push a tool through to unlock it, or how to use cigarette smoke or compressed air to open a door with a sensor. I cannot seem to locate the series now. Anyone know the name of the series, it is simiar to Def Con but I only saw one of the vids in the series.

@silox2000

4 жыл бұрын

I think you're looking for this, it's what led me to this video: kzread.info/dash/bejne/pKKhxbSNnre0c5s.html

@poomoneygreen9510

2 жыл бұрын

It's called "I'll let myself in".

What's with the video speed? Video/Audio is in sync, but clearly speed up maybe 1.25x speed. Great presentation!

@westonhecker

7 жыл бұрын

Yea i drank a Rockstar before i went on stage I dont think they added any speed.

is it me or this video is playing at 1.5x??

IT'S HAPPENING! :D

@TheFerdi265

8 жыл бұрын

DC24 Talk time!

@christi_L

8 жыл бұрын

FINALLY, this is all I have been wanting for weeks.

@bushcrafthippie

8 жыл бұрын

saaaaaaaaaaaaame

this guy's nickname should be beavis

interesting talk

I know this was 2016, but why not use an arduino, raspberry pi, shit a cheap laptop even & NFC microprocessor instead of a brand new phone for NFC pen testing NFC enabled phones are much cheaper today so it’s not really an issue but I am sure there were microprocessors fitting with the arduino, USB enabled devices and more than worked with NFC

i've looked at alot of the hotel key locks and they are not compatible with sammy kamkars hotel hack.

@westonhecker

8 жыл бұрын

Most of them that dont work just require a heavy piece of paper in the slot.

@Raw-L

8 жыл бұрын

+weston hecker Question do those shirts cost a pair of balls

@westonhecker

8 жыл бұрын

Lol nope it was just a shout out to the lady that puts up with me :-)

@Raw-L

8 жыл бұрын

+weston hecker lol just giving you a hard time must be nice to be blessed with a great job and family

@westonhecker

8 жыл бұрын

lol it you can find a lady who will not get mad when you bring an ATM home keep her lol its all good man.

its time to feel like neo

What's the actually/literally count?

@havnt3782

7 жыл бұрын

acrosst

Enjoyed the talk but honestly every PowerPoint slide with text reads awful lol

PMS i thought by reading the tombnail he was going to talk about his wife PMS.

what about source of knowledge online contet? still waiting :/

@westonhecker

8 жыл бұрын

Ill get the demo loaded of the driveby attack. It worked in my room before i went of stage :-(

@mohamedamgad5622

8 жыл бұрын

+weston hecker very good talk man

@donaldlim1855

7 жыл бұрын

weston hecker

So much actually.

man I never knew Hugh Laurie knew so much about hacking

So, uh, yeah. Um, yeah.

Okay then... switching to cash for EVERYTHING from now on. lol

Neat stuff, gotta work on that presentation style though. You said "so" about every 5th word! :)

@chrisrawls668

7 жыл бұрын

Unexplained Stories Definitely not the worst Defcon presentation I've seen though.

As far as I've seen, this local Restaurant where I live still uses Windows XP for their PoS..... :) They should at *LEAST* use Windows 7, if not Linux....... :D

@PaulBadman

8 жыл бұрын

Funny you say that,I was working for MOJ over here in the UK and I was supprised to see that all of the prisons I would work with would use XP.I was let go after I told them it's a massive security risk.They also used to leave the doors to the server room unlocked so if anyone managed to talk their way in to the building they would be fucked....It's crazy how people don't care about things like this they always assume it just won't happen to them.FYI don't know if i'm supposed to say this but there is no security checks for IT engineers going in and out of prisons every now and then we would get calls from engineers that would ask me to call the prison office to let them know they're on site they could of been anyone we would have no knowledge of this and niether did the site. we would just get them buzzed in,It was fucked

@blackneos940

8 жыл бұрын

Paul Badman Wow..... :D Sounds like you worked for some real incompetent people..... :) In the US, we had Enron, who screwed it's Employees over *BIG* time....... :\

@funkydunky1671

8 жыл бұрын

embedded windows xp is still somewhat supported for additional fee. the cost of replacing that is more than the estimated risk. but that estimation quickly changes when the shit hits the fan.

@blackneos940

8 жыл бұрын

Sernioum Deoiumnasderi Indeed it does..... :\ I'm just glad I use Linux..... :D I helped a guy switch over to it, and he uses it for his Business now..... ;D

@hotfreshrider

7 жыл бұрын

I did restaurant management support for a well known burger outlet, we had VNC access to every POS, they were all running XP embedded. Some of the scripts (.bat) we came up with were very powerful at automating our jobs and getting the manager off the phone in the shortest time possible! I left when nobody could see we should have only been dealing with hardware failure, not software workarounds/manager laziness. The company its self (outsourced) was clueless which didn't help - they bid too low for the contract.

I've run into the refund to the wrong card thing before. i could write a book about the insane POS shit i've seen. fucking POS systems...

tough crowd

You can kind of tell that he isnt disclosing or being obvious with all of the information his research has found. He only touches on some of the things that POS are vulnerable too, and he doesn't go in depth or is putting things in too plain of English, mostly, I think, because he thinks the information would be exploited too easily if it was known..

nothing new. the info was pretty obvious for those who worked with this systems and cared to know the guts of *how* it worked.

@nicksmith6629

8 жыл бұрын

I think that is a major aspect you point out, not many people care. they do their job and go home, they are not enthusiasts by any means, they are doing what they are doing for job security and $. The shit I've seen people let slide and the fact that many do not update any knowledge besides what a company provides, and I work at lovely AT&T =/ they have their own entire investigation/police unit - yet their security surprisingly sucks

@viviandarkbloom6794

4 жыл бұрын

cool, where's your video explaining the fundamentals of the space to a general audience in

10:00

A-C-R-O-S-S no T or D anywhere!

Im gona load the DEMO that Failed DAMN 4g in vegas !!!!

@nazerbs

8 жыл бұрын

Hey, I was interested in getting started with this. You mention msr103s however I can't seem to find anything with that name online. Is there another name for them?

@antimattercarp2720

8 жыл бұрын

Try Magnetic Strip Reader instead of msr

@westonhecker

8 жыл бұрын

"MSR90 USB Magnetic Credit Card Reader Stripe Swipe Magstripe Scanner 3 Tracks Mini Smart Card Reader MSR605 MSR606 Deftun" the MSR 103 product number is vendor specific here is the first one aside from msr605 which is a reader and writer

@westonhecker

4 жыл бұрын

@@nazerbs MSR 605 is the big read and write so the little ones are 103 model it was a Chinese clone.

you're at hotacking hotel keys

low profile piece of 70 lb. paper ...?

@westonhecker

4 жыл бұрын

70 lb paper is crafting paper its almost cardboard.

as seen in Mr. Robot

@westonhecker

8 жыл бұрын

Yea i noticed the square reader and magspoofer set up :-)

@shortcutDJ

8 жыл бұрын

i say this with the most upmost respect: you are sick dude!

so

Do Not have a drinking game for the word actually.

@westonhecker

6 жыл бұрын

Mannerisms come out when people are on stage infront of 4000+ people.

17:45 I *think* I know what point you intended to make, but... you really missed it

@westonhecker

7 жыл бұрын

Explain?

He says "heh" way to much xd

fiballyyyyyy

this dude is coked out. !

@blanemangraford4747

7 жыл бұрын

Nope its just Rockstar Energy

@markc3719

7 жыл бұрын

yeah no kidding. dude is talking at 50words per second.

@MrStaples441

7 жыл бұрын

had this thought, but really enjoyed the talk. It seems its just a personality thing LOL

@bryangayer1970

6 жыл бұрын

speed

@westonhecker

6 жыл бұрын

Lol drank two rockstars that morning

parts from china should be U.S.A

and uh so yeah so and so. yeah. so.

@westonhecker

7 жыл бұрын

Its nurv racking on stage infront of 3000-4000 hackers some of the speaking ticks come out.

What's so special about this? He didn't write any drivers or kernel exploits. I doubt he even knows OS design.... Cert kiddies.

@westonhecker

7 жыл бұрын

I do alot of exploits. people just dont want to hear talks about single product xploits anymore :-( I loved some of the old raw tech talks on Defcons past. And I did have to reverse alot of Drivers which is harder than making them

Awesome topic, horrible presentation style (speaker seems bored and "above" his crowd), even worse T-Shirt (though I admire the balls one needs to wear that abomination in public). Thanks for the talk anyway. Smart stuff !

@westonhecker

6 жыл бұрын

Thanks

Great topic. Worst presenter ever. He brags he "does a lot of talks", and yet It's impossible to listen to him with all "uhm actually and yea hehe so basicaly hehe hm uuuhm and yea so". Also, he didn't even bother to credit Samy's work properly. It's MagSpoof, not MagSpoofer.

@westonhecker

6 жыл бұрын

Thanks for the feedback. Its very stressful for tech guys to talk in front of groups of 5000 experts . my biggest thing with big crowds is making sure i use the proper term which is taxing to do when your on stage. Thanks for the feedback.

A horribly bad speech! And a very bad presentation!

@westonhecker

6 жыл бұрын

Always like feedback let a person know how they could do it better.