Hacking CAN Traffic Part 3: How to Perform CAN Packet Fuzzing

In the final part of the CAN hacking series, the focus is on manipulating CAN traffic, specifically analyzing ICSim speedometer traffic dumps, and utilizing Can-Hax, a custom fuzzing tool. Links to the ICSim project and the Can-Hax tool on GitHub are provided, along with summaries of previous installments.

Hacking CAN Traffic Part 2: How to Capture and Manipulate CAN Packets

In the second part of a three-part video series on CAN bus analysis, viewers will explore practical techniques for CAN manipulation. The video covers tools like candump, cansend, and canplayer to manipulate CAN frames, focusing on analyzing traffic dumps to isolate packets for turn signals and door locks in ICSim.

Hacking CAN Traffic Part 1: An Introduction to CAN and ICSim

The first video in a three-part series on hacking Controller Area Networks (CAN) introduces the basics of CAN bus and essential Linux tools for monitoring traffic. It includes guidance on setting up the Instrument Cluster Simulator (ICSim) for automotive security. Subsequent videos will cover packet capture and fuzzing techniques.

Introducing: Can-Hax

Yesterday was New Software Day. I occasionally release a program or two that I’ve used to automate my life. In this case, I have released Can-Hax, which is a tool that I wrote to fuzz Controller Area Network (CAN) frames using a Linux OS with can-utils involved. CAN is a way for sensors, controllers, and…

Video: DDoS Mitigation Technologies

In this video, we will explore 6 key technologies organizations use to mitigate Distributed Denial of Service (DDoS) attacks. We’ll also cover an overarching strategy to enhance resilience against these persistent threats. Each approach offers unique benefits and plays a critical role in building a comprehensive defense. These defenses help protect against disruptive cyberattacks that…

Blue Team Googledorks: Attack Tools

GitHub is an amazing place to organize and publish programming code (plus a lot more things like lists of resources or a community-written howto). Exploit developers are actively creating cutting-edge attack tools here. The Googledork contains either: You can add in any other kinds of attacks that are relevant to you, just add them with…

Blue Team Googledorks: Credential Dumps on Pastebin

A credential dump is a list of usernames (usually email addresses) and their related passwords. They might have additional information such as address, credit card details, etc. And amazingly, some attackers and attack tools publish this information to Pastebin. Pastebin is a site that allows you to paste text into it, get a unique URL…

Video: Web Application Firewall Rule Internals

I recently created a detailed presentation about Web Application Firewall (WAF) rules. It covers how they work and how to improve their accuracy and effectiveness. The presentation dives into the fundamentals of WAF functionality. It explains how these firewalls analyze and filter traffic. This protects web applications from threats like SQL injection, cross-site scripting, and…

Cybersecurity Sales: Getting Attention

I have at least a decade and a half of supporting sales teams as a security manager, CISO representative, proposal writer, or CTO. And every sales team has some kind of inside sales or sales development representative role. One of the quickest “wins” I’ve seen came from a few conversations to simplify their pitch and…

Blue Team Googledorks: Web Attacks

After starting a CSIRT for a CDN and web security vendor, I ran into a scenario where I needed to be able to find customers that had public security incidents that we could help them out plus we needed a way to find and track incidents for companies that weren’t customers. To use this Googledork,…