
you all for coming. You know, you guys decided to pick the, uh, in my opinion, the coolest session, but I'm a little bit biased. So we're going to get, kick this off. Uh, if you are here for the "2024: A Cyborg Odyssey" talk, you are in the right place. If you're not here for that talk, we're going to call it fate, and you just wound up in the right place anyway.

So, uh, I do work for CyberArk Software. My name is Len Noe. No, opposite of yes. And if you ask my parents, I was named very appropriately, because I've heard "Len, no, no, no" pretty much my entire damn life. Uh, I am a transhuman, an ethical
hacker and a white hat for CyberArk Software. I am also one half of the podcast team for Cyber Cognition, which is a futuristic podcast talking about the human experience and how it's going to affect us moving forward into the future. Uh, I am also a first-time author. My first book was released in October; it was called "Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker". You can find the book anywhere, on Amazon, Barnes & Noble, and yes, that was a shameless plug, but we're going to deal with it anyway.

So let's get right down into the meat and potatoes of this: what does tomorrow's threat look like? Now, I've
been here at the BSides and I have heard so many conversations about the potential threats that AI presents to us as a species moving forward, but I have a different perspective on this. I don't necessarily think that that is the only future threat we need to be looking at. These are my hands, and these are actually an old set of X-rays. Currently I have 10 different microchips between my elbows and my fingertips that allow me the ability to interact directly with multiple protocols. They are all basically stemming from either near-field communication or radio frequency. I have everything from a credit card, so I can actually tap to pay with my hand, which, if you do that, you might get told that
you have the mark of the beast. Now, just saying that, I want everyone to know I had no idea that the mark of the beast was actually Visa. I have some chips in my body that are there for my own security, to actually enhance my capabilities online, that are FIPS compliant, allow me the ability to get one-time password codes. I can do, uh, HMAC-SHA1, PGP encryption, hardware keys. I can even take and put a Tesla's valet key onto an implant. I don't have one, but my buddy did, so that allowed me to steal his car. So the truth is, the human being is the future threat vector, and one of the things that I'd like to propose to this
audience right now to think about as I go through this presentation is: how do we protect against an attack if you don't even know the attack is possible?

So allow me to introduce you to a subspecies of human beings that's been around since the 1950s; in my opinion it actually goes way back farther than that. The term is transhuman. Now, I want to take a minute here and just make sure that everyone is on the same page: being a transhuman has absolutely nothing to do with my gender ideology or my sexual preferences; these words have been thrown around quite a bit in recent times. What this means is, a transhuman is any human being
that is utilizing technology to either enhance or improve the human condition. By those types of definitions, the caveman that used a tree branch as a crutch was a transhuman. I'm not going to ask everybody to raise their hands, because I'm not really the class participation kind of guy, but I'd be willing to bet that there's probably somebody in this room that is wearing a continuous glucose meter for diabetes, or possibly even a diabetic insulin pump. These are considered transhumans. Anyone that's using a stim pain-controlling device, pacemakers, cochlear audible implants for hearing, these are all considered transhumans. Now, transhumanism got its official name back in 1965 by an English scientist named Dr. Julian Huxley. He was
a natural scientist, and his philosophy was that humanity should be able to use technology to address deficiencies within the human condition, but it should go no farther. So essentially this will keep all human beings on the same level. Take, for example, one of the most well identifiable types of this particular situation: the peg leg from a pirate. This was one of the earliest representations of transhumanism. Once you get past the medical portion of it, there was another gentleman that came out in the late 80s whose name is FM-2030. Don't ask me what his real name is, because I can't actually pronounce it, but he legally changed his name to FM-2030, and you may not be familiar with FM,
but I know you're familiar with his work. FM was actually one of the founders of cryogenics, so he is actually frozen right now in the hopes that they will be able to reanimate his body sometime in the future. And FM's philosophy was: any technology that can be added to the human experience to improve the condition, it's on the table. So we have two very conflicting opinions: one that says we should not go anywhere beyond where the human started, and the other one that's basically said if it's on the table, it's fair game.

So let me give you a little bit of a warning. The next couple of slides, if you are squeamish, you might want to close your
eyes for about the next three to five seconds. So when we talk about transhumans, I am what is known as a grinder, so we are do-it-yourself biohackers or transhumans. Like I said, I currently have 10 different implants ranging from physical access, credit cards; I even have a magnet in the tip of my finger, which actually has provided me an additional sense, excuse me, that I was not born with. Putting a magnet in your finger will actually allow you the ability to feel electromagnetic fields and currents, almost like a spidey sense. And when you have crazy friends like I do... I'm not, look at me, I may look like, you know, some big scary guy, but I am terrified of very
strong magnets. Y'all don't know pain until you have a friend, and we all have these kinds of friends, that are going to run up at you and try and snap an earth magnet on the magnet that's inside your finger. Y'all don't know pain till you've been pinched from the inside and the outside of your skin. But this is just one example.

This is a gentleman by the name of Tim Cannon. What you see there is the very first implantable consumer electronic that went into a human being. Anybody want to take a guess what that was for? You guys are not allowed. Anybody want to take a guess what that did? That was the original
Fitbit, that was implanted in his arm in Germany, and he actually got on a plane and flew back to the United States with his arm looking like that. The point behind this, and this was supposed to be in there for, you know, I believe it was 90 days. He made it a couple of weeks before he said that the weight of the device itself was giving him kind of anxiety, so it was removed a little early. There were some issues with placements of some of the electronics in there, but it proved that this could actually be done. Here's the same gentleman. Now, that, what you see on his hand may look like a crazy glove, but once you get into, like I
said, putting magnets into your fingertips, those are sonars, and what it's doing is, around his magnet in his pinky, it's working with those sonar detectors to where he actually has the ability of human sonar. Those waves will come out; the closer he gets, the stronger the reaction within the coil is going to be.

This was one of the first consumer-grade electronics implantables that you could ever buy. It was called the Northstar. I remember when this came out, this was 2014, 2015, give or take, and I remember when this first came out I was like, this is cool, but it makes absolutely no point to me, because as you can see, what it does is it basically
makes you look like Iron Man, and this is great if you want to show that you're different. But a little background on me: I'm an ex-one-percenter outlaw motorcycle club member, I'm an ex-black hat, so the idea of having something that's going to draw attention to me, not something that's really my thing.

From there, this is a gentleman by the name of Rich Lee, in my opinion the godfather of grinders. If you get a chance, look this guy up; his story is fascinating. What he's gone through as a result of his decision to augment himself should not be something that's experienced by anyone. In my opinion, the law was used against this gentleman in
terms of when he went through some issues with his family. But what you see here, he actually put magnets in the tragus of his ears, and what looks like a necklace is actually an induction coil, and he has in-ear headphones. Now think about that. Where are we right now? We're in a casino. If you're playing blackjack and you've got somebody that's looking at the dealer's hole card, you have a private communication channel that nobody else would even know was happening.

Or even this. Yeah, I know, it looks scary, don't it? What is going on here is, this was an experiment with chlorin 9. This is a solution that, yes, it makes the eyes look
completely black for about 15 minutes, but what it does is it actually allows the eye to be able to see in pretty much complete darkness. They put him and another two gentlemen in a completely pitch black room; he was able to pick out shapes and patterns in complete darkness. Granted, the effects of this only lasted about 45 minutes to an hour and a half, but once again it shows that what the human body is capable of is far beyond whatever we feel that we were born with.

So I've been doing these types of presentations since 2020, and I actually introduced three attacks at the RSA Conference in 2021, and most people didn't get a chance to see that because
that was when we were all hanging out at home. Y'all remember that thing called COVID? Sorry. So I'm going to take a minute and I'm going to show you guys those first three attacks that I debuted.

So the first one is called Handshake. My attack, I get to name it. So this is a physical access attack. The chip that I have right here in my left hand is actually a MIFARE Classic, as well as Prox, Indala, Diamond, Pyramid and 126 other physical access protocols. I have another chip in the back side of my right forearm that takes care of HID one, two and three, and pretty much all the other missing protocols. So all I
have to do is essentially skim your badge, write it down to an implant, and then compromise physical security. Now, one of the first questions I get when we get to the Q&A section is "why?", so I'm going to address that right here and right now. Due to the fact that these particular tools are inside of my body, they are covered by the medical and privacy laws of both HIPAA and GDPR, so therefore the authorities do not have the legal right to even question it.

So let me show you what this looks like in real life. So I'm going to be using a tool called a Proxgrind Chameleon Mini, and we're going to scan a badge. Yes, that used to be my badge, and
yes, I look like every hacker clip art you've ever seen in your life. So we're going to get a new unique identifier. I'm going to pull that into the Chameleon program, and just so that we can make sure everything's nice and easy, I'm going to name this "Len's ID". Okay, now I'm going to go ahead and we're going to scan my implant so that I can get a baseline. Very simple: hit the button, and we go back to the phone, and you'll see that we get a new unique identifier. We're going to open it up; we'll make sure that there's actually data. Now, at this point in the real world, I own you. At this point I can take this,
if I'm part of a larger collective, I can give it out to my other members of my collective and we can start working on a larger expanded attack base, or if I want to monetize this, this is where I can actually sell that information to an initial access broker, and there's nothing you can do about it at that point. So for the purposes of this demonstration, I'm going to grab both of those dump files that I previously uploaded to the cloud, just to share or monetize, and I'm going to pull them both back down into my cell phone, and I'm going to run a diff command against my ID compared to my actual implant, and what we're going to find is
all the sectors are the same except for sector zero, line A. So we're going to start off by selecting my ID, then the implant, and now we can see everything, like I said, is identical except for that first block. So all I have to do is write that down to the implant, and I can use my cell phone to do it. So we very quickly turn around, write this information back down, and I'm going to go ahead and map out all the keys just to make sure everything transferred right. Then I'm going to go ahead, scan again, and you'll notice that what we have under the ID, the numbers that I would suggest you look at are at the end of
the line A string, will be 768 69, as well as the implant.

So while you're watching the rest of this video, I want to throw a scenario out there. We've been able to clone cards for almost 15 years now. If I use this particular attack vector, I know I'm going to be caught. So let's walk through this scenario. I'm in your data center. What's going to happen? You're going to call your operations, they're going to grab me, they're going to stick me in an office, they're going to call the police. Now, when it comes to committing a crime, especially within the United States, and I am really bad with my Latin, so I'm probably going to butcher this,
but it's, I believe it's pronounced as mens rea, which means malicious intent. You can commit a crime and not be a criminal; it depends on what were your intentions to commit a crime. So this is why, in the past, when we compromise physical security, if they catch you with a cloned card or a Proxmark or some type of tool, you're going to jail. However, in my situation, when the police get there and search me, they find nothing. The worst they will be able to do is just trespass me off the property. Thank you, US Government, European Union, HIPAA and GDPR.

So the next attack. Now, this one is only against Android devices. So if you guys can't see this, this was
the large implant that I showed you in the photo. This is an RFID and NFC chip. This coil is large enough that I can actually hold a mobile device in its correct natural orientation, and that NFC will read through the density of my hand, and I can actually compromise the device through physical contact. So what we're going to do in this next one is, I'm going to actually download a malicious Trojan APK onto a device, and I'm going to do this in real time for y'all. So we're here at BSides Philadelphia. Y'all don't know me, I don't know you. If you didn't know I had these particular devices in my body, I'm going to show you how quickly I can social
engineer someone, and I'm going to do this in real time. So what you see on the top is an ngrok session for obfuscation. I'm going to open up a Metasploit listener in the bottom. You guys ready to do a little role play with me? Okay, here we go.

Can I borrow somebody's phone, please? I, I, I just got off of the phone with my daughter, my phone died. One of my grandchildren, they were in an ambulance, there was an accident. My, my granddaughter was going to a hospital. I, I, the phone died, I don't know where they're going. Can I borrow someone's phone? Okay, uh, shoot, now that I got a phone, what's my daughter's phone
number? Who remembers phone numbers anymore? We just program them into our phones. Oh gosh, what is it, 734, 7346... Oh my gosh, I feel like the worst grandfather in the world. I hope my grandson or my granddaughter is okay. I, geez, I can't think of what their phone number is. You know what, I'm just going to have to go charge my phone. Here's your phone back.

We're done. I used an NFC URL redirector... thank you. I used an NFC URL redirector to point to a location out on the internet where I had a Trojan APK. I installed that. I'm dumping call logs, I can dump your SMS, and when it comes to Android, I can actually pop a shell, navigate your
file system. And I'd like to throw this out there just so people understand. How many people, again, you don't have to raise your hand, this is more of a rhetorical question, how many people in this room have some type of business application on their mobile device? Maybe it's Office 365, maybe it's something else, but if you do not have those particular applications and cloud-based services properly locked down, I can ride those conduits from your mobile device right back into your enterprise.

So like I said, that was an attack specifically towards the Android operating system. Don't worry, my iPhone friends, we actually have another attack called Flesh Hook. So this being a hacker conference,
I'd like to think that there will be some people in here that have heard of this tool, but this is an oldie but a goodie. Anyone here familiar with a tool called BeEF? I got a few hands. For those of you that are not familiar with it, I implore you, go check out this tool. This is BeEF; it stands for the browser extension exploit framework. So this is the tool behind the urban legend of "be careful what websites you go to, because the minute you bring the page up, the bad guys are in your systems". Guess what, that ain't no urban legend, it's real. It utilizes JavaScript, is cross-platform, and due to the lockdown nature of
Apple's iOS, it's very difficult to get a Trojan in there, because you've got to jailbreak the phone. But don't worry, the web is free for everyone. So, and as somebody that likes to present things, I love using BeEF, if for no other reason than it presents really, really well. I mean, how many times have you seen somebody display some kind of a hacking technique and all it is is a bunch of code on the screen that you don't understand anyway? Well, BeEF actually gives us a really nice web UI and a bunch of built-in modules. So once again, this is very easy: all I have to do is redirect to a BeEF-infected website. Since I deal with
predominantly security professionals, I cloned the PuTTY website, because realistically, who would freak out if they saw PuTTY up in one of their browser tabs? Probably not anybody. So it's very simple: all I've got to do is get close enough to trigger that, pull up the website. Now, through the BeEF tool, I can turn on, I can do on-device spear phishing, we can do geolocation, we can do IP enumeration, ping sweeps, we can get persistence. I can even turn on your microphones and your cameras, and as a father of five daughters, this is a very frightening concept, but nobody really thinks about it. And the reason I bring this up is because, for being one of the more secure
operating systems out there, iOS, with its new release of iOS 16, just made every one of its users far less secure. When it comes to the Android architecture, we have the ability to turn off native NFC reads with a switch. Apple, with iOS 16, has removed the ability to turn off NFC, and we're going to talk about why that's such a terrible thing as we continue down the road here. But as you can see, I'm provided with a bunch of built-in modules I can exploit right off the bat.

So those were the three attacks that I debuted at RSA. Now, the following two, these are two attacks that I've added as a result of writing my book. So the first
one is an implant-based man-in-the-middle, and this one is the first time I've actually decided to start using multiple chips and additional hardware in my attack process. So what I've done is, I'm using a Raspberry Pi Zero W 2 with a battery pack on it that's running Ubuntu 24.04. Why? Because one of the features of 24.04 is the very quick and easy ability to create a Wi-Fi hotspot; you'll see it when we do it. And what I've done is, I've put a transparent proxy behind that hotspot. I'm going to be using two separate microchip implants: the first one is an NFC redirection tag to where I put the root certificate for that transparent proxy, and the second NFC trigger is a join SSID
SSID Wi-Fi network. And before we get started, I get this all the time, and again I'm going to get this out of the way up front: "Len, we're security, we're security conscious here, we're BSides, we shut our Wi-Fi off when we leave the house." Guess what, it doesn't matter. The NFC trigger part of the routine is to actually re-turn on your Wi-Fi. So let me show you guys what this looks like in real life. So like I said, we start off with a standard Ubuntu 24.04. I go into the network properties, and this is the only reason I use Ubuntu. I mean, I could have done this through code, but let's be honest, it's a
pain, you know, and we are hackers, so therefore we do do things for low-hanging fruit and ease of use. So just like that, I now have a Wi-Fi hotspot. I launch a script that actually will start up my transparent proxy, set up my IP forwarders, or my IP forwarding, as well as my iptables, and leave me with a terminal. So this is a two-part attack; it doesn't have to be done all at the same time. The first step is going to be downloading the certificate. Before we do that, I wanted to show everybody how easy it is for me to actually program these chips. This is a tool called NFC
Pro, available on the Android Marketplace. This basically is how I have to do to program it. I have multiple attacks programmed on my phone, and I can program these chips on the fly. So first thing we're going to do, we set up the URL to the download, and this is what it looks like when I trigger it. So it's going to say, what application do you want to use? I want to use Chrome. So now all I've got to do, let's just install the certificate. No, Android said you cannot install certificates natively, directly from the download folder, but if you go up to pull the window blind down, hit the gear, go to settings and type in "certificates", it
will let you install it directly without any additional step-up authentication. So from there, now we have the root-level certificate of the transparent proxy installed. We go back into my library of attacks and we select the one for "connect to SSID network", which has already been preset and configured to connect to that rogue access point that I have running on the Raspberry Pi. Takes just a few seconds to actually go ahead and program the chip. Then once again, if you have your Wi-Fi turned off, the first part of this NFC routine is to actually re-enable Wi-Fi and connect to the predetermined SSID. So once I say yep, go ahead and connect, anything that's going to come
across the wire, all of your background processes, anything that you happen to pull your phone out and do, let's go back to my transparent proxy portal page, I'm going to get in clear text. How's that for fun? And the trick is, unless you actually know that these types of attacks are happening, would you even bother looking down and see that you're... Let's say we were here at this conference and I did this. When you get back to your room, would you notice that your Wi-Fi was turned back on? Would you go look through your Wi-Fi networks and see what you were connected to? Nine out of 10 people, the answer is going
to be no. So these are things to just keep in mind.

The last attack I'm going to show you today is an implant-based phishing or smishing attack; they work in both directions. So once again, going to go ahead, use my NFC Tools Pro, and I already have these attacks, like I said, sitting in a library waiting for me to use. So in this case I'm going to do a phish. Now, this is a little bit different. What is the hardest part about actually pulling off a phishing campaign? Getting someone to believe the initial fake hook. So if you guys don't know these two gentlemen down here in the front row, these are part of the
Cyber Circus Network; this is Jason and Kevin. Let's say Jason is my actual target. I'm going to go after Kevin. I'm going to compromise his phone so that when that email comes out, it's going to come from his default email carrier or his default messaging program. There's no way to determine that this is a fake initial email, because it's coming from a legitimate source. So once again, we go in; this is what it looks like. I want to complete this action utilizing the standard Gmail. It's already been preconfigured. In this, in my example, I'm sending this... somebody attacking me who's trying to get to one of my associates, Mr. Vall Patel, and this is what the email looks
like on the other end. It's coming from a legitimate email account and it's got an embedded hyperlink. So this could be repointing them to a malware site, it could be another situation where I'm using BeEF, it could be anything, but the moral of the story is, Jason would have no way of knowing that that was not actual real information coming from Kevin.

So at this point, I have no doubt that everybody is going, "Okay, Len, y'all cyborgs are here, we get it, now what do we do about it?" So before we start talking about the mitigations for these types of attacks, we need to talk about the technologies that are actually involved here. So as I
said earlier, we are seeing such an expansion of bring your own device over the course of 2024 that the expectation, it's going to continue to increase over the course of 2025. And at the heart of this whole conversation is a simple little protocol called near-field communication. Now, NFC was never intended to be a secured protocol, but yet we treat it as if it was. And the problem with turning off NFC is, it goes against what society is actually currently pushing us to use, which is Apple Pay and Android Pay. The protocol that's behind the ability to tap to pay is NFC. So now that we know that, we can actually talk a little bit about how to
mitigate these strategies, because we built an entire section of our economy around an insecure protocol.

So for starters, when it comes to the physical security: anyone here have a single-point password or a single-factor authentication to get into privileged things upon your digital networks? No, because we know better than that. Realistically, if you want your cyber insurance, multifactor authentication is the minimum that you must have in order to be able to qualify. But yet when it comes to our physical locations, we don't take the same type of actions. I mean, again, if you want to raise your hand for this, be my guest, but I wouldn't recommend it: anyone here have just a scan, click, door open to your data center?
This is a single point of access, and if I can get physical access to a server, the amount of damage that I can do is so much more than what I could do coming in over a wire. But we don't change it. I used to work for a human resources and payroll company; it's three letters, starts with "A" and ends in "P", but I'm not going to tell you what it is. And just to get into our building, not into the data center, but just to get into the building, was a minimum of a badge and a PIN. If you wanted to get into our data center, it was anywhere between three to five layers of protection before that door
was going to open. So for starters, when it comes to our physical security, we need to treat it with at least the same minimum skepticism that we treat our digital.

So when it comes to the digital attacks that I showed you, I've got two sets of recommendations. The first one is for enterprise, where you can potentially use mobile device management policies for starters, and I'm going to tell you the policies that you actually need to consider to prevent this. So for starters, NFC is by default, as I've said numerous times, an insecure protocol. Do not allow standing, uh, standing privilege of NFC. I'm not telling you don't allow them to use it, because it does have a legitimate
function, but just like we have step-up authentication within digital networks, if you want to make a tap to pay, go into your settings, turn on the NFC, make your payment. Don't allow the NFC to remain on for more than, say, five to six minutes at a time. We don't have a problem making these kinds of requests from the digital aspect; we need to make it within our own personal lives as well.

Number two, the BeEF attack. Do not... create an MDM policy that will not allow for your pages to remain persistent after the browser closes. BeEF is one of those tools where, until I can actually run additional parameters to get persistence, I only have that
connection as long as that particular page is in the browser, so if you close the tab, I lose the connection. Do not... once somebody closes down out of their browser, close all open tabs. That will negate that particular attack vector.

When it comes to us and our individual capacities, nobody likes to hear this, but I hate to be the one to break it to y'all: we need some behavioral modification. If I was to ask anyone in this room right now, can I look in your wallets or your purses, is anybody going to hand them over to me? But yet if somebody walks up and says, "Hey, let me see your phone for a minute, I
got a video I want to show you," there's a 50-50 chance that you're going to hand that phone over. The am... if we talk about what's in our wallets and purses, maybe a driver's license and credit cards, maybe a medical ID. The amount of data that's in your mobile device is exponentially more, and we treat it as if it's a toy. So first recommendation is: respect the data on your mobile devices, and if you wouldn't give your wallet to someone, don't give your mobile device to someone. Disable your vulnerable protocols wherever possible. This is more, as I said, for the Android users than the iPhone, because you guys unfortunately are kind of so at the moment after this
last update. Uh, I do expect there to be some type of third-party application that will be made that may be able to shut this down just from a security perspective, or I expect Apple to completely freak out due to the backlash that they're already getting over this, but unfortunately there's not much you guys that are running iOS can do right now except be very, very cautious. This is one of those points where I said don't let your mobile device out of your hands. And finally, start really taking the strong security fundamentals that we've learned from the industry and start putting them into practice in your own lives. How many people here stay up to
date, and the minute they've got updates, they're hit, they're on them, or you sit? You know, the bad guys only have to be right once; you have to be right every single time. And at this point we're not talking about your corporate assets anymore, we're talking about your own individual assets and your own identity. And finally, keep pushing the zero trust concept: trust but verify.

So with that, I don't really have any time for Q&A, but I will be hanging out over by the Barcode booth when I get done here, so if you have questions, I'd be happy to answer them for you. Uh, this is the book that I was referring to earlier. The demonstrations that you saw
today are actually broken down in that book. We are available on Barnes & Noble, Amazon, and anywhere books are sold. Uh, we have Kindle, and we do have the audio book coming out on the 12th, so we are able to handle everybody's particular preference. With that, I'd like to throw up my information one last time, if anybody wants to take a quick snapshot of that. I'm very active on social media. Hit me on LinkedIn. If you're one of those people, like I used to be, who doesn't like asking questions in large groups, I know how that is, give me a shout on LinkedIn. If you see me somewhere, walk up; I'm a very, very approachable person. And
with that, I would like to thank you all very much for taking the time to come and listen to my talk today, and I hope you found it entertaining as well as educational.