Friday, 27 May 2016

Setting up a FC target using LIO






How I SetUp a FC Target on Linux

1. Install Fedora 23 & targetcli

Install Fedora 23. Use yum to install the following packages:

yum install targetcli 
yum install scsi-target-utils

2. Configure your FC HBA as a target (not initiator)

3. Use targetcli to configure the LUN

Start targetcli by running:

targetcli

Once in targetcli, you can type 'help' to review the available commands and 'ls' to review the current structure.



Monday, 2 May 2016

FC Security Investigation

I've been really lucky to be able to present my investigations into FC security at ACSC 2016, BSides Canberra 2016 and WAHCKon[3].

Here are some of the recorded demos from my talk.

Fabric Login on Protocol Analyzer


SAN Enumeration


WWN Spoofing

Living with a Hacker

A couple of years ago I joined toastmasters to overcome my fear of public speaking. Not sure it worked, but I did find a copy of my second speech (5 mins) and thought it was pretty funny.


-----------------------------------

Living with a Hacker

Madame, fellow toastmasters and guests.

My talk tonight was motivated by Silvio’s talk a few weeks ago about his association with computer security and xxx’s talk a few months ago now about living with bad flatmates. I wouldn’t say Silvio is a bad flatmate as such but he is definitely an interesting person to live with. I guess I was asking for it when I met him at a hacker conference in Melbourne some time ago. So with out further ado, the good, the bad and the ugly of living with a hacker.

Let’s start with the good. There is a certain uniqueness to being able to decompile a program binary into an intermediate language, pull out feature sets and do comparisons to malware families using machine learning. It’s safe to say Silvio’s skill set is very unique and companies are prepared to pay well for his services. However… despite this, he is always broke. This is due to his hacker nature that drives him to purchase every new and exciting electronic gadget that can either be hacked or can assist him in his hacking. To date we have a $2200 piece of equipment that looks like a set of kitchen scales that will read firmware off NAND chips, two different $500 odd FPGA development boards, two software defined radio boards including this one which had a small accident but cost around $1,200. The list is endless. In fact, we have 6 odd meters of desks, a 2 meter high tool chest, 6 shelves and a tool trolley all dedicated to holding his equipment. And that’s just inside the house, the shed is another matter. In our house, no electrical object can ever be thrown out, after all - every piece of junk is a potential hacking project.

This brings me to my second point I want to make about what to expect when living with a hacker. Everything is taken apart. For example, last month Silvio bought two IP phones. Fantastic, I thought, as our current household phone was out of action. About a week later I decide to set up the IP phone so that we can use it. Here is my next exhibit. When I asked what happened to it he matter-of-factly answers, “I disassembled it”… when I asked why he answered, “to see if I could connect to it with UART”. Of course. I wish I could’ve brought in our current ADSL modem, needless to say when the TPG technician came over about some noise on our line he was impressed the modem was still functioning.


But hacking is not limited to just physical components, with the introduction of software defined radio, my hacker housemate has begun hacking the airwaves. I remember one night sitting at home, watching TV in dim mood lighting, my hacker housemate was away giving a lecture. Suddenly and unexpectedly my lamp turns on. Creepy. Turns out, my hacker had reverse engineered a wireless remote that turned on and off lights and set up some code on his computer that turned on the lights at random times. Lesson 3, expect the unexpected.

I should’ve known better when my hacker housemate asked if he could drop me at work and borrow my car for the day. For any other housemate this might seem like an innocent request, but of course, if your housemate is a hacker this comes with a twist. Two months later my car featured in the media having been unlocked without the remote. A few times my remote became unsynced from the car, but I put my foot down sternly when a hacker fanboy suggested to my housemate that he might have gotten even further if he had opted to take the dashboard off the car to get to the receiver. Lesson 4, never assume the hacker is borrowing you stuff for the purpose for which it is intended.

So we’ve covered software, hardware, radio… but a hacker wants to be extensible in his skill set. I haven’t yet mentioned his chemistry adventures. I know what you’re thinking, what on earth does chemistry have to do with hacking? This is a complicated matter and pulls on several areas. I’ll see if I can explain this as clearly as possible. On most circuit boards there are little black square chips that are called integrated circuits, they are pretty much a printed electronic circuit that serves a specific function and have saved programs on them. They have protections in place to stop hackers from pulling off the code to find weaknesses in it. But that won’t stop my hacker housemate - apparently putting the chip into highly concentrated, heated nitric acid will melt away the plastic, expose the silicon circuit which you can then reverse to determine the program and if it has any weaknesses. This leads me to my next story of my hacker housemate in a black vinyl apron, chemical spill board, chemistry hot plate, several beakers and a gas mask. I’m not kidding, it looked like something from Breaking Bad. Fuming nitric acid is extremely dangerous with the possibility of burning your throat and lungs irreparably if inhaled. But all this is worth it, just so you can realise your dreams of placing a back door in an alarm system so that doing 3 star jumps in the front of the sensor will turn it off. Last lesson - living with a hacker is dangerous for your health.



But in all seriousness. Despite living in a house that is electronically better equipped than a small electronics manufacturing company. Despite the cover of everything electronic being unscrewed and circuitry exposed. Despite the fright of random unexpected automation around the house and my stuff being exploited. Even despite the possibility of an impeding AFP raid or worse, burnt lungs. Despite all these adventures and more, living with a hacker is the most fun thing I’ve done.