Explore a conference talk from GrrCON 2019 that delves into the additional risks businesses face in public spaces. Learn about various attack scenarios, including captive portals, QR code exploits, and keyboard traps. Discover how attackers can leverage simple redirects, DNS spoofing, and command injection to compromise corporate security. Gain insights into physical and mobile attack vectors, and understand the importance of security consciousness in public environments. Examine tools like Zap proxy and WHID Cactus, and their potential for data exfiltration and system control. Understand the implications of full screen capture and clipboard manipulation in public settings.
Overview
Syllabus
Intro
About Len Noe
The Art of War
MouthChecking
Scenario
Evil made attacks
Captive portals
Dropping business cards
Attack scenario
Overview
QR code
Captive portal
Zap proxy
Slide decks
Secondary VPN
Security conscious
responder
mobile attack scenario
physical attack scenario
corporate security
simple redirects
DNS spoof
Keyboard trap
Keyboard steal
Every keystroke
clipboard
psycho cat
I can extricate data
Take control
Pcap
Command Injection
Full Screen Capture
WHID Cactus
Tiny CC
