Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA?

Video Statistics and Information

Video
Captions Word Cloud
Captions
the next session is pulling the curtain on airport security and your speaker is delirious thank you yeah everyone really glad to be here I don't know if everyone knows I was actually hospitalized a couple weeks ago and if I was gonna make it out but made it out survive owner gave me support really thank you normally when you go through a presentation like this I don't mind if people raise your hand in the middle of talk but I have a lot of slides here because there's a llama Tyrael and so if we can just hold all the questions to the ANA I'd really appreciate that so this is probably the alternative title for this talk here how you put on no-fly lists so about me pretty much this average Joe I like ICS embedded medical devices I find them really cool I travel a lot spend a lot of time in airports which kind of spurred all this stuff but I want to talk about a little bit about my time in the Marine Corps there's a lieutenant and Marine Corps officer in marine corps I'm a captain but a lot of times new I go to airport screening checkpoints and it kind of reminds me of when I was an officer candidate school but the one difference is that I only get yelled at when I have Gatorade in my hand all right so but there's a couple lessons that I learned as a lieutenant and probably one of the most important ones was hey if it's important trust what people are telling you but verify right and so I kind of want to hold that theme throughout this entire presentation and I also want to talk a little bit about the TSA so they about 50,000 people at foreign airports across the nation now this is not just stats I made up you can actually verify this on budget House gov we have a budget of seven point three nine billion dollars in 2014 so they get two billion dollars a year for offsetting collections essentially the stuff that you pay when you go through an airports whether you're a citizen or not doesn't matter when you buy airplane ticket you're paying for TSA so and by law they have to spend the first 250 million on passenger security fees on airport facility modifications and equipment right so 250 million dollars a year they have to spend on facility modifications and security equipment so as opposed to me I'm one guy I have no budget I have I have more than one laptop on my nav laptop a couple laptops some desktops so but no one funded this my company did not give me a year off to do the research or anything like that basically just did on my own time with my own money what that really means is anyone can do this so but most of this stuff from eBay took it apart myself did in my home office my wife screamed at me sometimes my kids tried to play with some of this stuff I told them not to but at the end of the day really anyone can do this and if you're actually funded and really took the time to kind of understand these systems probably understand it better than I would so and also disclosure so we're gonna go over a lot of issues here and I talk to a lot of folks but more importantly all this stuff we report at DHS more than six six months ago so in fact some of the issues here were reported more than a year ago so plenty of times it's not something that we worked on last week and I want to go over some of the response to because I found it kind of funny I initially didn't have this slider here but I just want to show you some of the response we had sir the first ones from the TSA when we first reported one issue almost almost a year ago they said our software cannot be hacked or fooled so I said okay that's pretty it's pretty comforting that's good so and for the latest ones they said we add our own software and protections so I thought that's pretty cool your own protections one of the vendors is just silence they sit even respond so and then we actually spoke with someone from Morpho who makes Itemizer which is one of devices were going to talk about we spoke with him last week they gave me one call with the engineers and I don't think they're ever gonna do that ever again but they did send their PR guy out here so if you have questions about the device or never I think he's in attendance so that's kind of cool and so actually one talk about scenarios about the custom defenses that we're talking about here so there's basically two scenarios that I think you know because you know people are like well the TSA is saying they have custom defenses and the software that they have doesn't have these vulnerabilities I'm like okay I was like I think this TSA doesn't really know about the security issues in their software that's what I think it's like but maybe they do have this leet security team that knows about all these vulnerabilities that I'm about to present here maybe they've already solved these issues they have their custom defenses for all the stuff that I'm about to present which means that they knew about the security issues develop custom fixes and defenses like they said they had but they never told the vendors so in fact some of the stuff is actually exposed on internet we're gonna talk about that but that also means that they're hoarding embedded zero-day vulnerabilities I think it's for the day that they transition from TSA to NSA but I can't actually verify that right but if they do have custom defenses for the debt for the vulnerabilities we're going to talk about they're actually leaving a lot of other organizations exposed so if they've developed custom defenses for the stuff that we're talking about I really hope that they would share that with other organizations especially their sister organizations in the government that are using some of this software and hardware as well so but I think it's scenario one possibly maybe scenario two I don't know so but what I can tell you is the way they do security is actually very regimented so that's very very important if you want to understand how security is done at airport screen choice a screening checkpoint so they have these documents essentially that outline what it is they're supposed to do at an airport screening checkpoint this is not a field supervisor decision the guy at the at the airport itself that's in charge the manager or the guy with the bar on the shoulder or whatever they don't make the decision as to how to layout the checkpoint so it's in these documents essentially these document you can find on the internet so it's not some special doctor that I got in a special way or anything like that you can actually download this document internet internet right now and look at it 153 pages so it's a it's a huge document and it is very very detailed as to what has to happen at these security checkpoints so the way that they're laid out is not an accident it is not the job of the supervisor to use it is defined to them how they need to do this in very excruciating detail so even the podium that you walk up to has to meet certain dimensions it has to be this wide it has to be this tall it has to be in this way it has to be put in this place they really don't leave any room for the supervisor agent on the floor to make any of these decisions even the bins even the bins have requirements that have to be met right so that's very important when we're trying to understand how security is done at airport screening checkpoint and what's more important is the equipment so it's not like they can just pick any random pieces of equipment and say I think it's a really cool piece of equipment we should put this at a checkpoint because it's cool what happens is they actually tell you which devices you have to have at the checkpoints and there they are so see that little the white device that's a second in the middle right there that has a big screen we're going to talk about that device and then we're going to talk about this other device where the guys kind of with his outstretched hand there it's a time clock so but there's specific ones right so it's very important and and by the way the time clock has to be maximum 54 inches off the ground and a minimum of nine inches so but they also talk about the IT requirements as well so this is important as well so for every piece of equipment inside this document it tells you hey you have to have this many drops they have to be cat 5 or cat 6 they have to go to this place it has to be done in this way no more no more than this length and so on and so on so on so very very specific in fact it tells people how to network them this is a networking diagram from that document right so we see that there is a patch panel someplace at airport security screening checkpoint everything's got to be networked to it and this is the way you network everything to it so whether it's the podium whether it's the Cronus clock that we're going to talk about whether it's the explosive trace detection that we're going to talk about whether it's the x-ray machine that we're going to talk about all this stuff has to be on a network in a specific way with specific requirements and basically deployed in a specific way in a configuration this is not up to the field supervisor has to be done this way for every single airport that's very important to understand so there's also other basically initiatives that they have essentially to network everything they want one giant network for all the passenger screening devices that's important to understand as well so this is initiative that it was kicked off in 2010 so that network that they have they call it TSA net I'm not going to talk too much about TSA net because I've never gained access to TSA net because if I did I'd probably be in jail but um there's another concept that they have a called category of airports so the the biggest airports the United States are called category X airports so any airport that you can think of that of decent size is ply a category X airport the important piece of that is they're all networked together it's very important to understand that and so when they say all our stuffs not networked just off the network whatever next time you walk through a security checkpoint look down onto devices you'll see that they're actually connected to a network you'll see network cables there so maybe not all the devices but eventually they probably all will be so and then before we continue I want to give a quick lesson on backdoors so at some point in time there's a guy that said Jim I can't believe there's this girl standing over there and you're telling them all about our back doors and and Jim says mr. Potato Head mr. Potato Head back doors are not secrets it's like yeah but you're giving away all our best tricks I said they're not tricks if you actually have the DVD for wargames and you replay the scene with the volume really loud Jim actually says mr. Potato Head mr. Potato Head thanks to software like I'd approve a backdoor not secrets so when you think about backdoors and how they get put in place a lot of times what people say is hey a backdoor is code put in by a malicious actor in order to gain persistence or access to a particular device right so I have never seen that with any of the screen devices I looked at I looked at a lot of medical devices I haven't seen that there I looked at some ICS devices I haven't seen that there as well so but what I have seen are debugging accounts where a manufacturer will create a device and during the creation of the device or the creation of the software they create an account that has a lot of privileges because they're using it for debugging and maybe they publish the device or put the device into production and they forgot to disable that account or some interface that's used for debugging so that's not as common as what we normally see though which is what we call service or technician passwords so I'm going to talk about service and technician passwords here so technician password service passwords very common embedded devices those are backdoors those are backdoor passwords why are they backdoor passwords because they're often hard-coded into software we're going to we're going to show some examples of that here in a second so sometimes the application that runs on this device whatever depends on that password to be there it will not work if the password has changed or modified in any way so how are these passwords different than other stuff well let's talk about how they get there so if I'm a vendor of a device let's not even talk about security screening stuff let's say you want home automation I want a really cool sprinkler system that waters when my grass needs water all right automatically I want it to be really cool and I want to check the status on my iPhone so normally what people will do is they will not go out and buy the components for this and install it themselves they won't call someone and say hey I need you to cut sheetrock install these cool sensors in my house install this central controlling thing and I need this thing to be accessible via my iPhone and someone will roll out there and do the installation and so sometimes that's the manufacturer sometimes that's someone else we call those people an integrator and so what the manufacturer does is they think we're gonna install these devices we don't want to deal with the hassle of asking the user like do you remember what the password is for this or did you ever change the password for this or do you remember how to get access to this or why did you change this thing they don't want to deal with that so what they end up doing in anticipation of doing service and maintenance in the future there's a lot of them just hard code a username and password in the device in the software itself so when their technician shows up they can say I already know what the password is for this device I don't need to ask anyone I can use this username and password I'll gain access to device right away I can do service in maintenance so that's how these passwords get into devices it's actually very common in a better world I don't know why but it is so the reason this is different from other vulnerabilities like hey I could do reverse engineering find a buffer overflow the reason this is different from like let's say a buffer overflow is I've never seen someone take a dependency on a buffer overflow but there are multiple dependencies on backdoor passwords so for example if you're an organization that has a backdoor password in your meta device you probably have technicians soft run a technician laptop that depends on that backdoor password in order to service that device that'll do the authentication for you you probably have training for your technicians to tell them what that backdoor password is and your technicians in the field probably know what that backdoor password is and if you change that you actually have to change these business processes as well you have to change your training documentation you might have to change a laptop software that you have for your technicians you might have to update all your technicians in the field and make sure that they know what the new password is and they also have to know what the old password is because maybe there might be some device that's not updated they still need to gain access to that so you have this business dependency on this backdoor now and that's why they're so dangerous the business that put the backdoor in place has a dependency on that backdoor so and that's why this is a little bit different than other security vulnerabilities but the problem is that once someone else discovers the technician password it's a backdoor password right I'm not a technician I don't service you know passenger screening equipment but I know the passwords to these devices now so and that's extremely dangerous in most cases they actually can't be changed by the end-user you cannot change some of these passwords I'll give an example of that here in the future and then um and then once the initial work is completed like once I buy a device and get a password or back to our password out of a device usually scales it usually works on every other single device of that make and model sometimes it works on the other other devices of other other different makes and models if they have a dependency on a particular component I'm looking at so it's for it scales really well and so that leads us to the first device that we're going to talk about the first device that we're going to talk about is rep scan 522 B it's a little bit of a older x-ray x-ray scanner and but I think there's some important lessons to learn here the version that I got is actually running Windows 98 I was like oh man this is crazy so but talking to the vendor they've upgraded and now runs Windows XP so that's not a joke so when an operator when a TSA agent or screener logged in to this machine this is a login screen that they see so it's pretty cool if you look at some of the configuration files they have their passwords and this is actual like service password for the Raps scan 522 B right so just straight up and system information it's like oh yeah here you go you need this right here right so like okay that's pretty interesting there's another piece of software actually that's on here that's called tip and so you know when you and when you run the tip you basically enter an ID and a password it's like hey how do you know what the ID and password was because there's a bunch of files that have IDs and passwords in clear-text as well right so you know but that's not so bad because you usually have to have access to device to understand what that is so what if you didn't have an ID and a password like how could you gain access this device right so I was just like throwing random stuff out there and I threw this through this at the login screen and I get this error it's a data integrity problem the users record and then it's like I'll just log you in alright so that's very crazy yeah so this is basically the pseudo code it's like hey check the password if authenticate else fail but hey if there's ever an error show an error message an authenticated user all right so that's pretty crazy and then once you get access as a non user or whatever that is you can actually look up the passwords for the other users right so a lot of the integrity in logging is definitely gone this device so it's like oh man put in here what happened here right so and then we're gonna actually talk about what that software does it's called tip right so I'm guessing that the frequency of threats coming through hand-carried luggage it's probably pretty low and someone had this bright idea they said you know we should do we should test our screeners to make sure that they're really good and so we wrote this software that basically allows us to inject threats into people's luggage and if the TSA sees the threat and pushes the button then you see the green happy sign over there that says hit you discovered a fictional threat you're awesome and if the gun goes by and they don't detect it then they get the bad sign the red one it says you suck you missed right so in the way that it works is essentially they have categories of threats like bombs guns all sorts of stuff and there's essentially a configuration file and that's one of the configuration files for 32 caliber chain gun right keychain gun and then they have images which are put into the screeners view right so overlay it into someone else's luggage so this is probably a reason why you get randomly screen or like it when you look in your bag right and there's nothing there unless there's gator right there then they freak out so but um Mike who did the threat model on this right like you have software that's really crappy can't really do authentication that allows you to modify the screen that the screener is looking at by design right so kind of crazy but I guess TSA found out too because they cancelled the contract with this vendor actually Rapiscan and this is public knowledge and this is what they says is a quote actually they say has strict requirements that all vendors must meet for security effectiveness and efficiency it does not tolerate any violation of contract obligations TSA responsible to safety of security of nearly 2 million travelers screen each day like man that's pretty powerful so and then there's some more quotes I think these came from Congress and they're like what we found out is there's this foreign made par and rapid scan x-ray scanners and I'm like that sounds pretty bad and apparently the foreign made part was manufactured in People's Republic of China alright so my who okay yeah and then we find out that like hey that foreign made part was a simple electrical item but no moving parts or software and then we find out that like the foreign aid Palmer is actually an x-ray light bulb Oh Mike Wow all this over a light bulb right it must be pretty hardcore so that leads us to the next device we're going to talk about so it's this device here it's called Chronos so this is actually a Cronus at an airport so and if we go back to that document it is like the approved time clock for TSA right it's a networked into their network for all the pastor screening devices and so that's my current right there that I bought like wow that's very very similar right so it's cool so I pop this thing open that's the first thing I always do you right take the case open look at the guts see what's going on in there it's like how this board's pretty beautiful I like this is really cool and then I flip it over like oh I'm and it's main bourse like made in China Wow so light bulb main board light bulb main board all on the same network like I know it's kind of interesting so but there's a mother interesting stuff too so it's a PowerPC throne vxworks has FTP listening as telnet listening has a webserver listening that's the server banner and when you browse to it it basically does a dub dub dub authenticate basic realm a browser right so that's how you kind of fingerprint this thing if you wanted to look for it if you log in to the device this is basically what you get you get a shell if you tell that into it right so it's got a lot of weird stuff on the left-hand side are all the devs devices probably most important is number three which is a flash 0 that's actually the file system for this device and then there's some other commands you know they kind of get weird like if show is actually kind of the ifconfig and the source stuff so and then you know as we look around we see this application directory and the application directory has a jar file and I was like dude this thing has Java and so I think it was the one time I was actually happy that Java was installed on machine because it means that if you do want to exploit this device you don't have to write PowerPC exports it gives a strike job exploits and called Chavez so pretty straightforward so in a configuration file there's a username password right you're like oh this is not good so and this is a you know the top line there the boot line is basically how it takes the compressed elf file and then expands all the operating system right or that OS is pretty cool and then it's like hey I got to choose a password here you should probably use but if we look deeper actually into the application code we see that the application actually depends on that username and password to be there so if you were smart and you're like you know what I'm just going to change it I don't care I'm gonna go ahead and tell that in and I'm gonna change that password the application will actually break the application depends on that password to be there this file is actually from a maintenance file for a service technician so and then knowing what we know about the actual banner we can take a look on the internet and see if there's any of these on the Internet if I found one San Francisco Airport or like well man I fly out of SFO a lot so about four months ago and contacted DHS DHS actually helped me get this one taken offline so you can browse to the IP address there's nothing there but it was there and if you go to show Dan I think this artifact is actually still in there so we know that San Francisco Airport has Chronos online at some point in time so so we basically have a backdoor for FTP and telnet it's in two different places probably in a lot more places but we know that it's in a configuration file that basically when the OS gets expanded we also know that it's in another file called validation probably maintenance validation and a class file within the hem am jar which is the application that actually runs to scan all sorts of stuff there's also a web backdoor I think it's mainly a read-only so it's not big of a deal but there's 6,000 of these on the internet right now so except for the TSA once they have custom defenses against this so so here's a thought-form eight main board tsa net which can track TSA personnel on the floor any given point hard-coded ftp password art code telnet password gives you shell and then hard-coded web password right so hmm not looking very good not looking very good I wonder if TSA knows that Cronus as chinese-made main board I wonder if they validate at the ones that they have in their TSA net have been made somewhere else and I wonder if they know the software as backdoors because when I reported to DHS they didn't come back to me and said yeah we know about this they said oh well this is really bad so Trust trust what you're hearing but verify the engineering okay so and then we're gonna talk about another device here this is called the Itemizer so and actually representative from that this company's here if you want to ask some questions PR guy so yeah this this is one from actual airport so this is not my Itemizer this is one from an airport so we see that it's networked you can see that you can actually get really close to these devices so this one has a USB on the back it can do all sorts of weird stuff but probably most important thing is that it's networked and then there are in places where people can't really see what's going on with them so take a look at that one where we take a look at that one just kind of off by itself right and it's kind of neat like okay just off by itself so I thought this is pretty cool sigh about one right and this is what the interface looks like if you were to stand in front of it and basically you have these modes so explosive narcotics or both right and what that shows you is this is how it detects so these are the these are the substances that it detects as you have this thing loaded up so T nitro cocaine heroin THC so and then basically how it detects is kind of in here as well all this is stored in one file called config dot bin so the way this whole thing works is the x86 processor will look at this in a second runs Windows EE the version that I have did Windows 2 e 3 the disk is on a chip about seven point five Meg's main program ps2 interface floppy interface and you want to have USB interfaces has IRDA I don't know what for so but yeah so the file system and suppose basic level looks like this I TMS ITM SCE is the main program that runs there's a user's not bin file that has all the user accounts that you create when you create a user gets store users that bin when you set the detection levels for a particular substance that gets saved and it config that bin so if you were to own this device and change it config that bin you would actually change the way the device is detecting substances so you could turn that all off you can change the way into text you could make its where certain substances are not detected whatever you want it's all on a config top bin file and then there's options not being history dot bin and a longer holder those aren't as important I think as a top three there and so that's my Itemizer I don't max have two of these so that's kind of neat if you tear this thing open so it looks like in the inside so this there's actually something that happened to me that actually kind of terrified me I broke this thing open I saw a radioactive stick around I was like oh my god I just owned myself like I knew this day would hide I knew this day would come like oh and and but then I realized that there's a protective case in there I guess the radioactive distance for this certain radioactive material and there's pretty low so I was like ok I'm alive let me get my kids away from this thing so as a Pentium processor which is really good for me because I mean it's x86 architecture and it means reverse engineering should be pretty straightforward that is the chip that has a software so that is essentially the hard drive of the device right so and if we pull all the software off and throw like the authentication routines into something like Ida we see all these weird kind of strings that at some point in time get compared during the authentication right so Mike oh well that's pretty interesting so let me walk you through what we saw here so this is a picture of the users menu when you log into this Itemizer so you see operator one maintenance one administrator one super user one and then you see a slew of users right so the way that this works is those four top accounts are basically default accounts and then the other accounts that you saw are actually users from the organization that previously owned the device before I had it they forgot to take their accounts off of there but that's ok when you create those accounts those get added to the users that bin if you delete the users not bin file what happens is those accounts get deleted and these four accounts up top have their password reset back to the default which are actually hard-coded into the binary so that's okay I also saw this sticker on my Itemizer I don't know what it means so and then I looked at the users in binary right so operator one maintenance one administrator one super user one administrator two and super user two I was like wow that's pretty interesting so let's compare the two right so and we will look at the built in accounts we see that there is some similarities but there's also some differences right so those are the two backdoor accounts there's an administrator to account and there's a super user to account right and so in the problem with this is that they don't ever show up in the user menu right so if you take a look at this I am actually logged in as super user - and if you look at the user menu there is no super user - right and so the problem with this is because if you want to delete a user if you're if you are an end user you bought this thing I want to delete a user I want to change the password or I want to add a user I go to the users menu I select which user I want and then I click modify and it shows me hey you can change the password here if the user doesn't exist in the user menu you can't actually modify that account so it just it's just not there you can't you can't modify the password you can't delete the user if you tried to create a user called super user - it won't let you or an administrator - so with this account you can do whatever you want so there's actually an advisory released on this particular vulnerability by DHS July 24th so it's pretty cool it's pretty light on details it says a independent researchers identify hard-coded credentials and willful Itemizer 3 they're not having produced a patch an update or new version I'm gonna get to this motor ability and I think more importantly they're like hey they're not gonna address this vulnerability something like oh man that's not good so but they talk to the guys from Morpho actually have some some good news and like a little bit bad news but uh maybe you can get some more stuff out of this guy but uh so the good news is that Itemizer 3 is actually not used by TSA anymore so they are using the latest version called DX so that's cool what I also found out is the are coded passwords that I showed you will not work in the DX so that's why we showed them to you so you can't take that password and walk up to a TSA device and login with that password so that's pretty good news the other good news is because we're going to give this talk at blackhat and show people what the passwords are Morpho is actually going to patch that issue it's going to be out by the end of the year so if you have an itemized or three you can thank blackhat for getting you a patch for this I asked them not to just change the password to a different password but to remove those accounts if they could write like those Pat those those accounts need to go right and so I think some of the bad news is that maybe can get more of the PR guys I did have a conference call with some of their engineers and the PR guys on call as well and it sounds like there's actually a new algorithm to generate super user passwords on the new version right so technician passwords still do exist on the new version it's a rolling password right so that means it's not just one little string you probably have to extract an algorithm and so but the PR guy tells me that that's that's not the case and then the details get kind of fuzzy so maybe you can talk to him and get more information about that so I think that's cool that they're going to patch this this is pretty neat I haven't heard from the other vendors about whether patches are coming out for their devices or not so and then so this really leads us to like hey she planned a vendor on this right there's three different vendors three different pieces of equipment should that should all the blame he put at the vendors feet right it's kind of the question and so I actually don't think so so I know that place is like TSA they depend on this equipment to do their job right like a TSA agent can swab your hands and sniff for that presence of explosives and and narcotics right well maybe they can't I don't know but I'm thinking that they cannot so they actually need this equipment to do their job it's not nice to have they need this equipment and I don't think the operators really understand or should be required to understand how the software works or how to detect exploited devices or whether devices have hard coded passwords or backdoors and things like that not the people at the screening checkpoints right that's not their job and looking at things like the rapid scan tip or we can actually inject images into image and screens and stuff like that I don't know if there's been good threat models conducted on some of this stuff especially when you can bypass logins and you find hard coded passwords or and things like that maybe there's custom defenses for that I don't know but to me it seems like that hasn't and and when we look at like the or one equals one and the weird authentication stuff and the hard-coded passwords and config files and that sort of stuff I don't know if these devices have been audited even for the most basic security issues right because those issues are actually pretty basic so but the more important piece is the vendors will develop the device to whatever the TSA tells them so in fact there's already a certification process for this equipment that TSA owns and that's how you get them to that little list and the pictures and all sort of stuff into this documentation and so whatever a requirement TSA puts onto the vendors the vendors will do it and I think TSA has a responsibility to do something like that because if you're a small courthouse or if you're a small prison and you have these devices I don't think you have enough clout to tell vendor how to do their software engineering but if you have two hundred fifty million dollars a year that you have to spend on equipment some people might listen I know I would listen so and oh by the way like we paid for all this stuff so I paid twice because I had to buy this software but you buy all the song you buy all the hardware that's actually at a checkpoint senator right so and then and then we did did this do these audits so so what I really hope is that someone trust what the TSA is telling us about their devices the way to certify them and we need you cyber security but more importantly I hope someone verifies that the engineering is reality so the custom defenses that they have a security stuff that they have in place where they say that they have in place the vulnerabilities that they know about I hope someone verifies that that that's a reality and then these are embedded devices right so this could easily be you know a little device that keeps track of your conference room scheduling or something like that and you're gonna buy a embedded devices in the future especially with IOT coming I would hope that you would do the same for your devices right understand what the software is running and what it's doing or at least you know make an effort to do that so because this is a real big problem especially the hard-coded passwords thing so especially for a corporation you have a lot of clout and do that before you fork over the money because because otherwise it doesn't work if you do this after you pay for the devices you don't have as much clout so all right I want I do want to take some questions here or if there's any questions at all hope you guys enjoyed the talk so I know I went kind of fast here
Info
Channel: Black Hat
Views: 251,195
Rating: 4.8035049 out of 5
Keywords: Black Hat USA 2014, BlackHat, Black Hat, Information Security, InfoSec
Id: hbqVNlwfjxo
Channel Id: undefined
Length: 31min 53sec (1913 seconds)
Published: Tue Mar 17 2015
Reddit Comments
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.