UGOTAG | Videos with Chapter Markers  
  
× ANCIENT WORLD ANIMALS AQUARIUM ARCHERY ARCHITECTURE ART ARTIFICIAL INTELLIGENCE AUDIO BOOKS AVIATION BABY BEAUTY BIG THOUGHTS BIKING BIOLOGY BIRDS BLOCKCHAIN BUSINESS AUTOMOTIVE CATS CHRISTMAS COLD WAR COMPUTER SECURITY CRAFTS CRIME STORIES CRYPTOCURRENCY CSGO DIGITAL COMBAT SIMULATOR DINOSAUR DOGS EASTER ECONOMICS ELECTRONICS ENGINEERING ENVIRONMENT FAR CRY 5 FARMING FASHION FISHING FITNESS FOOD & DRINK FORTNITE BATTLE ROYALE FREEDOM OF SPEECH FUNNY GAMBLING GAMING GARDENING GEOPOLITICS GOD OF WAR GUITAR GUNS HALLOWEEN HARRY POTTER HEALTH & WELLNESS HISTORY YOUR HOME HOME REPAIR HOMEBREW INSECTS INTERESTING KIDS KITCHEN KNITTING LAWNCARE LEGO LIQUOR LOCKSPORT MARKETING MARTIAL ARTS MATH MENS STYLE MINECRAFT MOBILE DEVICES MOTORBIKES MOVIES MULTIPLICATION MUSIC MYSTERY NEUROSCIENCE OLYMPICS ORGANIZATION OUTDOORS PETS PHILOSOPHY PHOTOGRAPHY PHYSICS PI DAY POLITICS POTTERY PRIVACY PROGRAMMING PSYCHOLOGY RECIPE RED DEAD REDEMPTION RELAXING RELIGION REMOTE CONTROL ROCKCLIMBING SCI FI SCI FY SCIENCE SHOOTING SPORTS SKATEBOARDING SPECIAL FORCES SPEECHES SPORTS STAR WARS STEM STPATRICKS STYLE TECHNOLOGY THANKSGIVING TOYS TRAVEL TV VALENTINE'S DAY WAR WEDDING WOODWORKING WW1 WORLD WAR 2
HOME  |  TECHNOLOGY  |  HEALTH  |  FOOD  |  MORE

Episode Markers
  • 00:22
     
    #siphons all cookies    #access the firewall internally   
    PoisonTap is a USB hardware attack that siphons all cookies from HTTP sessions, and permits the attacker to access the firewall internally.
  • 01:10
     
    #emulates an ethernet over USB   
    Once installed, PoisonTap emulates an ethernet over USB device.
  • 01:27
     
    #assign it to route almost all traffic through it   
    PoisonTap will return an IP address, and assign it to route almost all traffic through it.
  • 02:04
     
    #sealing the cookie information   
    Whenever a browser on the computer navigates to a page, PoisonIvy will inject attack code that opens 1000000 hidden iframes to the most common sites, sealing the cookie information.
  • 02:33
     
    #cache poison each domain    #backdoor to the attackers command and control   
    PoisonTap will also cache poison each domain so that whenever a user goes to those sites, it will open a backdoor to the attackers command and control that permits the attacker to execute arbitrary JavaScript on the victim's browser.
  • 03:36
     
    #remotely access the victim's router   
    PoisonTap also uses DNS free binding to to plant a backdoor that temporarily points to the PoisonTap device. However, once the PoisonTap is removed this will point to the IP of the router. This permits the attacker to remotely access the victim's router.
  • 04:16
     
    #use HTTPS exclusively    #secure flag on cookies    #HTTP Strict Transport Security   
    To defend against the attacks used in PoisonTap, websites need to use HTTPS exclusively, as well as set the secure flag on cookies to secure against the attacks used in PoisonTap. HTTP Strict Transport Security (HSTS) must also be enabled.

PoisonTap USB operation and feature overview

PoisonTap - siphons cookies, exposes internal router & installs web backdoor (reverse tunnel) on locked/password protected computers with a $5 Raspberry Pi Zero and Node.js. https://samy.pl/poisontap/ By Samy Kamkar Full details and source code at https://samy.pl/poisontap/ Buy a Raspberry Pi Zero here: https://amzn.to/2eMr2WY Buy cement for your USB ports here: https://amzn.to/2fX0I1e When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer (Windows, OS X or Linux), it: - emulates an Ethernet device over USB (or Thunderbolt) - takes over all Internet traffic from the machine (despite being a low priority network interface) - siphons and stores HTTP cookies from the web browser for the Alexa top 1,000,000 websites - exposes the internal router to the attacker, making it accessible remotely - installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with acces






Community tags: computer_security     HOME     SIGN UP     CONTACT US