Profile

Cover photo
Dragos Ruiu
Works at dragostech.com inc.
Attended University of Alberta
Lived in Saskatchewan
1,652,111 views
AboutPostsPhotosYouTube+1's

Stream

Dragos Ruiu

Shared publicly  - 
 
All UR Drones R Belong 2 US: Victory for Jonathan Andersson !!!

Well this morning is off to an exciting start. I woke to messages from Jonathan abut his success in a project in the works for quite a while. I've mentioned a few times here that I've been interested in hijacking drones for a while, and have been doing some research with Shane Macaulay in the area. At the Whistler trip after CanSecWest last year we were sitting around in one fo the cabins with Jonathan who teaches (along with Brandon) the Software Defined Radio (SDR) Dojo training course at CanSecWest while playing around with BladeRF SDRs (doesn't everyone do that after skiing?) and talking about updating the lab excercises in his training course to include hijacking frequency hopping spread spectrum drone RC control signals as a part of the course material and lab excercises. Talking about the stuff I had been researching with Shane and playing around with attacking the 3D printed OpenRC F1 car I had up at the cabins using the BladeRF SDRs used in his Dojo inspired him, and he's been busy working on it since. He finally succeeded and nailed down all the details and tested it, he told me this morning, so I'm quite happy to announce his presentation at PacSec: Attacking DSMx Drone Remote Control Systems using SDR.
4
1
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
There are more than a dozen CNC milling projects on Kickstarter (two dozen counting defunct ones). I've looked at them after my experience in setting up my own machine and these folks at Sienci, who come out of University of Waterloo are the ones I would recommend. It looks like their Kickstarter will launch, but it closes tomorrow if you want to get in on it.

I spent some time chatting to these folks and asked them some hard questions about their CNC build to make sure that they had good solutions for the challenging parts of building a CNC that folks don't tell you much about. I liked the answers they gave me. They've got a good grasp on what it takes to build a CNC mill product and some of their ideas are quite innovative (esp the software stack). The reasons why I like this one:

The price for the size of milling space is good. Large enough to produce many objects, and price low enough to be useful to many.

The hardest part of CNC is the software and machine control, the hardware is simple it's just three stepper motors and a rotating milling bit -these guys are putting a lot of work into making the complex milling/pathing and control part easy. With traditional CNCs you can easily spend several times the cost of the machine on software for it.

Their hardware will still work with the industry standard Mach3/4 as well as their own stuff if you want to switch to other software later.

They use a very common garden variety router for which bits and tooling are very easy to find. Bits and tooling, collets, and many other aspects of CNC is a maze one can easily get lost in.

The work holding area and system is rudimentary but workable.

The machine looks easily hackable and expandable, to do things like add a rotary 4th axis later, cutter misting etc...

The enclosure provides access but still catches the debris, while the size makes it an easy fit into many workshops.

Check it out. For me another bonus is that they are in Canada and there is no messing with random duty on it. This project looks like a good way to get your feet wet and jump into the pool of CNC fabrication without the time investment requirement or cost of a traditional CNC mill product.

http://goo.gl/1DL1N5
The Sienci Mill One turns your ideas into reality by carving 3D objects from materials like wood, metal, plastic, foam, and PCB.
3
1
Joel Seltmann's profile photo
 
Subtractive (CNC Milling) vs Additive (3D Printing)! Also This to Consider!:

http://www.instructables.com/id/DIY-high-resolution-3D-DLP-printer-3D-printer/
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Coincidentally this tutorial on Windows Device Guard was posted on the same day Mubix's USB Ethernet adapter emulation trick. How handy!

http://goo.gl/0xc3xD
Welcome to the first in a series a Device Guard blog posts. This post is going to cover some introductory concepts about Device Guard and it will detail the relatively aggressive strategy that I used to configure it on my Surface Pro 4 tablet running a fresh install of Windows 10 Enterprise ...
2
Jamaa L's profile photo
Jamaa L
 
I'm still waiting for badbios bins 
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Coincidentally this tutorial on Windows Device Guard was posted on the same day Mubix's USB Ethernet adapter emulation trick. How handy!

http://goo.gl/0xc3xD
Welcome to the first in a series a Device Guard blog posts. This post is going to cover some introductory concepts about Device Guard and it will detail the relatively aggressive strategy that I used to configure it on my Surface Pro 4 tablet running a fresh install of Windows 10 Enterprise ...
4
2
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Snagging creds from locked Windows/OSX machines using USB-Armory/Hak5-Turtle http://goo.gl/IHxepE
First off, this is dead simple and shouldn't work, but it does. Also, there is no possible way that I'm the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn't believe it was true). TL;DR USB Ethernet + DHCP + Responder == Creds ...
10
4
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
This is still just a parlour trick. If you are serious about RF air gap exfil you will use the built in FM radio receiver in most Realtek audio chips. Also those Realtek audio chips are way better at ad-hoc RF/Radio transmission than those USB chips. They can do much higher data rates and better modulation, and they have a serious amount of plentiful firmware flash to play with (up to a gigabyte in some chips) - firmware that no-one verifies and checks. There are plenty of other reasons the HD audio chips are better suited to these sorts of fun. Ping me off-line if you are interested.

There is a reason why one of my most important software security tools for air gapped computers is a Dremel. I guess I should do a presentation on this stuff sometime.

http://goo.gl/1JxAau
Technique works on virtually all USB drives with no modifications necessary.
22
7
Juillian Lin's profile photo
 

= . 
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
You remember the FBI saying it had no recourse but to force Apple to create a backdoor. And everyone said why not just mirror the flash? Here someone tested it, and as expected it worked well and was straightforward.
Abstract: This paper is a short summary of a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its ...
8
2
Amauri Viguera's profile photoKevin Burress's profile photo
2 comments
 
They want to sequester the number faster. There are no limits on sequestering.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Many folks today are talking about the Uber Pittsburg autonomous vehicle test announced today, and Geohot's comma self driving device he presented at TC Disrupt. It only seems apropos to announce accepting a talk at PacSec (Oct26/27 Tokyo) entitled:

Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-Driving Vehicles

from:
Jianhao Liu, Director of SKY-GO Vehicle Cyber Security Team
Chen Yan, Ph.D.Student, Zhejiang University
Wenyuan Xu, Professor, Zhejiang University & University of South Carolina

Synopsys:

To improve road safety and driving experiences, autonomous vehicles have emerged recently, and they can sense their surroundings and navigate without human inputs. Although promising and proving safety features, the trustworthiness of these cars has to be examined before they can be widely adopted on the road. Unlike traditional network security, autonomous vehicles rely heavily on their sensory ability of their surroundings to make driving decision, which opens a new security risk. Thus, in this talk we examine the security of the sensors of autonomous vehicles, and investigate the trustworthiness of the 'eyes' of the cars. In this talk, we investigate sensors whose measurements are used to guide driving, i.e., millimeter-wave radars, ultrasonic sensors, forward-looking cameras. In particular, we present contactless attacks on these sensors and show our results collected both in the lab and outdoors on a Tesla Model S automobile. We show that using off-the-shelf hardware, we are able to perform jamming and spoofing attacks, which caused the Tesla's blindness and malfunction, all of which could potentially lead to crashes and greatly impair the safety of self-driving cars. To alleviate the issues, at the end of the talk we
propose software and hardware countermeasures that will improve sensor resilience against these attacks.

My opinion:

The trials are fine, and I wish them the best. This stuff is no-where near ready for mass market use. Many years of testing and are needed first. This paper underscores the many unknowns of automated autonomous vehicles.
6
1
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Uh...
22
7
Rogan Dawes's profile photoValdis Klētnieks's profile photoAmauri Viguera's profile photoLisa Borel's profile photo
13 comments
 
Nope, you are all wrong. I guess it did not occur to you all that there would be a requirement for the plate to be submitted for the transaction to complete, but there is. No fun for you today, sorry.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
You always hear about amazing (and usually an excuse to make them super-expensive) exotic "ceramic" parts for cars, airplanes, or other expensive complex devices, but what does that really mean? (Including that transparent aluminum link going around Facebook yesterday...) Ceramics covers a lot of ground for materials, some are strong, some are hard and durable (not the same thing as strong), some are easy to make and work with while others are complex and expensive. I found a lot of confusing material about this and needed to make sense of it so I spent a little bit of time researching it (because I needed to buy ball-bearings which were very confusingly priced) and this is the result of my sorting through that stuff, so here is a quick reference to the commonly used ceramics, their properties and what they are often used for.

The second link has a more comprehensive list and more technical details. So in the future when you explain something ceramic you can use the actual material name instead of this nebulous and almost meaningless "ceramic" term.

Aluminum Oxide (Al2O3). Aluminum oxide (alumina) is the workhorse of advanced technical ceramics. It has good mechanical and electrical properties, wear resistance and corrosion resistance. It has relatively poor thermal shock resistance. It is used as an electrical insulator for a number of electrical and electronic applications, including spark plug insulators and electronic substrates. It is also used in chemical, medical and wear applications.

Zirconium Oxide (ZrO2). Zirconium oxide has the highest fracture toughness of any advanced technical ceramic. Its toughness, mechanical properties and corrosion resistance make it ideal for medical and selected wear applications. Its thermal expansion coefficient is very close to steel, making it an ideal plunger for use in a steel bore. Its properties are derived from a very precise phase composition. Some environmental conditions can make the material unstable, causing it to lose its mechanical properties. Its relatively low hardness and high weight also limit its broad use in wear applications.

Fused Silica (SiO2). Fused silica is an excellent thermal insulator and has essentially zero thermal expansion. It has good chemical resistance to molten metals but is limited by its very low strength. It is used for a number of refractory and glass applications, as well as radomes for missiles.

Titanium Diboride (TiB2). Titanium diboride is an electrically conducting ceramic and can be machined using electron discharge machining (EDM) techniques. It is a very hard material; however, its mechanical properties are poor. Its major use is in metallurgical applications involving molten aluminum. It is also used for some limited wear applica- tions, such as ballistic armor to stop large-diameter (>14.5 mm) projectiles.

Boron Carbide (B4C). Boron carbide is the hardest material after diamond, giving it outstanding wear resistance. Its mechanical properties, especially its fracture toughness, are low, limiting its application. However, it is used extensively for ballistic armor and blast nozzles. Boron carbide is also a neutron absorber, making it a primary choice for control rods and other nuclear applications.

Silicon Carbide (SiC). Silicon carbide has outstanding wear and thermal shock resistance. It has good mechanical properties, especially at high temperatures. It is a semiconductor material with electrical resistivities in the 10^5 ohm-cm range. It can be processed to a very high purity. Silicon carbide is used extensively for mechanical seals because of its chemical and wear resistance.

Tungsten Carbide (WC). Tungsten carbide is generally made with high percentages of either cobalt or nickel as a second, metallic phase. These ceramic metals, or “cermets,” have wide use as cutting tools and other metal-forming tools. Pure tungsten carbide can be made as an advanced technical ceramic using a high-temperature hot iso- static pressing process. This material has very high hardness and wear resistance and is used for abrasive water jet nozzles; however, its weight limits its use in many applications.

Aluminum Nitride (AlN). Aluminum nitride has a very high thermal conductivity while being an electrical insulator. This makes it an ideal material for use in electrical and thermal management situations.

Boron Nitride (BN). Hexagonal boron nitride is a chalky white material and is often called “white graphite.” It has generally poor mechanical properties. It has outstanding high-temperature resistance (>2500oC) in inert atmo- spheres but cannot be used above 500oC in an air atmosphere. It is used as a high-temperature insulator and in combination with TiB2 in many ferrous and aluminum metallurgical applications.

Silicon Nitride (Si3N4). Silicon nitride has the best combination of mechanical, thermal and electrical properties of any advanced technical ceramic material. Its high strength and toughness make it the material of choice for auto- motive and bearing applications.

p.s. They are expensive but Silicon Nitride is the one you want for ball bearings. And if you are one of the likely four people that read this far down, congratulations on your patience and curiosity for knowledge, hope you learned something.

http://goo.gl/aFJIqT

http://goo.gl/8Rs3Kv
Silicon carbide consists of the chemical elements silicon (like in sand) and carbon, and is very hard. Due to the good chemical resistance, silicon carbide can be applied very well under extreme conditions. PROPERTIES. high stiffness. high thermal conductor. chemical resistant.
11
8
Eric Hansen's profile photoJürgen Christoffel's profile photo
2 comments
 
Zirconium Oxide is used for tooth repair too, dental crowns are made of it.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
The iPhone 6 (plus/s/s-plus) is a very capable imaging device and camera.

The Zeiss Mutar 0.6x Asph T is an amazing piece of glass. Coated and aspherical distortion corrected to give one of the best 18mm lens equivalents I've ever seen.

Together they are superb.

If you are a professional photographer, it's almost worth buying an iPhone just to put behind this lens.

http://exolens.com
3
1
Al Middleton's profile photoAmbrosius Zwackelmann's profile photo
2 comments
 
Check the LG G4 and G5 for superb photo quality.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
All Ur Memor R Belong 2 us.: PCILeech
Read memory (fast!) using DMA over PCIexpress memory reader using PP3380 chip set.

Useable over PCIe, miniPCIe, ExpressPort, and Thunderbolt.

Just ordered a 3380 mini pcie, mini pcie to express card adapter, and express card to thunderbolt adapter and can now flip the bird to not getting a kernel driver cert for OSX forensics.

Bwahahahahahahahah!!!!

http://goo.gl/XSwwyA 
pcileech - Direct Memory Access (DMA) Attack Software
6
3
Michael Gebetsroither's profile photoBjörn Lundén (blunden)'s profile photo
5 comments
 
+Michael Gebetsroither To be honest I don't know if some drivers force it to be disabled on OS X or Windows 10 Enterprise. Interesting point about the Linux Nvidia driver though.
Add a comment...
Story
Tagline
Stop, Think, Pwn.
Introduction
Systems Rationalizer
Bragging rights
Can hover inverted. ;-)
Education
  • University of Alberta
Basic Information
Gender
Male
Other names
dr
Work
Occupation
engineer
Employment
  • dragostech.com inc.
    engineer, 1997 - present
  • HP
  • Myrias
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Previously
Saskatchewan
Links
Dragos Ruiu's +1's are the things they like, agree with, or want to recommend.
Waze Social GPS Maps & Traffic
market.android.com

Waze is a fun, community based mapping, traffic & navigation app. With millions of drivers from across the globe joining forces to outsmart

Threema
market.android.com

Threema ist eine Kurznachrichten-App mit einem besonderen Fokus auf Sicherheit. Echte Ende-zu-Ende-Verschlüsselung garantiert, dass niemand

CPU-Z
market.android.com

Android version of the popular CPU identification tool for PC/Windows., CPU-Z is a free application that reports information about your devi

Demand answers and real consequences for robocall election fraud
www.leadnow.ca

Elections Canada just traced misleading phone calls made during the 2011 federal election to a company that worked for the Conservative Part

KB14320-How to maximize battery life and free memory on the BlackBerry s...
btsc.webapps.blackberry.com

Maximizing Battery Power. Application Management. Multitasking - Close any running BlackBerry® smartphone applications that are not being ac

Play VOB,MKV,MTS,FLV RM,RMVB on Windows RT (Surface 8 RT included) » AMV...
blog.amvsoft.com

Overview Micrsoft has made an important step to support the playback of MPEG-4 on Windows 8 RT and Windows 8 Pro. Windows RT has excellent s

Locus Pro
market.android.com

MULTI-FUNCTION TOURIST NAVIGATION Irreplaceable application for hiking, geocaching and your everyday life. Locus offers many useful features

A free and open world depends on a free and open web. | Google
www.google.com

A free and open world depends on a free and open Internet. Governments alone, working behind closed doors, should not direct its future. The

There's a New Way to Own a Piece of Facebook Before Its IPO
mashable.com

If you're looking to invest in Facebook before its IPO but not privy to the secondary markets where shares of the company have been trad

Maverick
market.android.com

Off-road GPS navigator with offline maps support, compass and track recording. Use offline maps and GPS even without an internet connection.

Vancouver Riot: Psychology (Not Hooligans) Is Responsibile for the Chaos...
bleacherreport.com

As I sat at home watching the Vancouver riots unfold in front of me, I was amazed at how ill-informed the newscasters and on-site reporters