Security Bsides Las Vegas 2024

A New Host Touches the Beacon
2024-08-07, Firenze

Join us on an epic journey through the enchanting realms of Skyrim and the shadowy world of hacking in our first-ever technical blog turned talk. As passionate Skyrim players and modders, we stumbled upon an unexpected revelation – malicious Skyrim mods with the potential for real-world impact.
In this presentation, we explore the intersection of gaming and cybersecurity by demonstrating a malicious Skyrim mod. This mod, triggered by the seemingly innocuous in-game item "Meridia’s Beacon," unleashes a reverse shell to an attacker host. Our journey unfolds as we probe into the complexities of crafting this mod, touching on research, development, and testing.
Discover the unexpected dangers lurking in the world of gaming and gain insights into the fascinating realm of hacking studies. Prepare for a “Fus Ro Dah” of a time as we showcase not only the capture of a netcat reverse shell but the transformation of our payload into a full-blown Command and Control (C2) beacon.


This project was developed last year. It started as an idea in a hallway at BSides Las Vegas and became our first technical blog. We are gamers, and one of our favorite games of all time is Skyrim. We have spent hours playing and hours modding this game, adding mods that bring beautiful texture packs, intense spells, DLC-sized adventures, and incredible weapon and armor skins. You name it, it is out there.
Over the years, the modding world has grown, and some of the famous mod-hosting platforms now include a “Safe to use” label. At the time we were modding the game, security was not on our minds: what could possibly happen if I am just playing my game with my Succubus character? As our career focus evolved, so did our curiosity. This talk will specifically cover and demonstrate what a malicious mod can look like for Skyrim! What does it do? It lingers until a specific item is picked up by the character in game, which triggers the spawn of a reverse shell to an attacker host! Which in-game item triggers this malicious action? The item is called “Meridia’s Beacon”. Why this item specifically? Well, we have been diving into command & control frameworks and thought it would be ironic for an in-game item named “Meridia’s Beacon” to be used to spawn a real C2 beacon.
We’ve pre-recorded all proofs of concept, since spawning 4 virtual environments on a laptop is a bit hardware-demanding.

Passionate about the convergence of cutting-edge technology and artistic expression, Hexxed BitHeadz are always looking to merge the realms of ethical hacking and digital art creation. With a strong background in cybersecurity and a keen eye for aesthetics, we bring a unique and innovative approach to the world of digital creativity.