AIS Exposed - Understanding Vulnerabilities and Attacks 2.0
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the vulnerabilities and potential attacks on Automatic Identification Systems (AIS) in this comprehensive Black Hat conference talk. Delve into the intricacies of AIS, including its application layer and required installation. Learn about various attack vectors such as programming malicious routes, hijacking through rogue gateways, and man-in-water spoofing. Discover advanced techniques like frequency hopping, CPA alerting, and malicious weather forecasting. Examine denial-of-service attacks, including slot starvation and timing attacks, as well as application layer vulnerabilities. Gain insights from real-world experiments and responsible disclosure practices. Conclude with a discussion on proposed countermeasures to enhance AIS security.
Syllabus
Intro
Outline
Automatic Identification System
Required Installation
AIS Application Layer
Example
Programming a malicious route
Hijacking (Rouge Gateway)
Our Testing Lab
AIS Transmitter
Man-in-water Spoofing
Frequency Hopping (DoS++)
CPA Alerting
Malicious Weather Forecasting
Slot Starvation (DoS++)
Timing Attack (DoS++)
Attack the Application Layer
Real-World Experiment
Responsible Disclosure
Proposed countermeasures
Taught by
Black Hat
Related Courses
Practical Side Channel Attacks on Modern Browsers - Lecture 6YouTube High-Assurance Crypto Software
media.ccc.de via YouTube Building Trusted Systems on Top of Leaky Abstractions
Paul G. Allen School via YouTube On the Insecurity of JavaScript Object Signing and Encryption - AppSec EU 2017
OWASP Foundation via YouTube The Timing Attacks They Are A-Changin' - Web-based and Browser-based Timing Attack Techniques
OWASP Foundation via YouTube