ThruGlassXfer: The TV people? Do you see them? presented at Kiwicon 2014

by Ian Latter

Summary: ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen with just a phone.
Any user who has screen and keyboard access to a shell (CLI, GUI or even a Web Management shell) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And the implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access (VPN, VDI, ..) and End Point Security (DLP, AV, ..) architectures has no effect on the outcome.
In this session I will take you from first principles to a full exploitation framework. At the end of the session you'll learn how to build on this unidirectional file transfer and augment the solution into a full duplex communications channel (a virtual serial link) and then a native PPP link, from a user-controlled device, through the remote enterprise-controlled screen and keyboard, to the most sensitive infrastructure in the enterprise.
This is an exciting and cross-discipline presentation that picks up the story in the DEC VT220 terminal era and will take you on a journey to exploiting modern enterprise security architectures. So join me, whatever your knowledge or skill-set, and learn something interesting!