Date: November 7, 2019
Speaker: Michael West
Bio: Michael West is a Technical Advisor at CyberArk who teaches companies how to make pentesters and hackers miserable. While native to Dallas, his presentations on barcode scanner hacking, personal privacy, and high-altitude balloons have been featured around the world, including “barcOwned” at DEF CON, HackCon Norway, and BSidesDFW. As a frequent traveler, Michael enjoys sitting on the couch with his cat, Java, and doing absolutely nothing.
Subject: barcOwned – Popping shells with your cereal box
Abstract: Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on labels, boxes, and even phone screens. Most scanners also allow programming via barcodes to manipulate and inject keystrokes. See the problem? By scanning a few programming barcodes, you can infect a scanner and access the keyboard of the host device, letting you type commands just like a Rubber Ducky. We’ll be demonstrating barcOwned: a small web app that allows you to program scanners and execute complex, device-agnostic payloads in seconds. Possible applications include keystroke injection (including special keys), infiltration and exfiltration of data on air-gapped systems, and good ol’ denial of service attacks.
Please RSVP to ensure an accurate head count for lunch:
Professional Credit: 1.5 CPE