DEFCON 26
There is a rising trend within Threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code bypassing software whitelisting and avoid antivirus detection. A method to detect these threats is by...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 22
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Grand/DEFCON-22-Joe-Grand-Deconstructing-the-Circuit-Board-Sandwich.pdf Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering Joe Grand aka Kingpin GRAND IDEA STUDIO Printed Circuit Boards (PCBs), used within nearly every electronic product in...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 24
What if your wireless mouse was an effective attack vector? Research reveals this to be the case for mice from Logitech, Microsoft, Dell, Lenovo, Hewlett-Packard, Gigabyte, and Amazon. Dubbed 'MouseJack', this class of security vulnerabilities allows keystroke injection into non-Bluetooth wireless mice. Imagine you are catching up on some work at the airport, and you reach into your laptop bag to pull out your phone charger. As you glance back at your screen, you see the tail end of an ASCII...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC24, DEFCON 24, DEF CON 2016,...
DEFCON 26
Financial institutions, home automation products, and offices near universal cryptographic decoders have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning and text-to-speech have shown that synthetic, high-quality audio of subjects can be generated using transcripted speech from the target. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 25
Do you run web analytics on your websites, such as Google Analytics? If you were viewing your web analytics and noticed lots of traffic being referred to your website from an interesting domain, would you investigate? Wouldn’t you be curious as to why you were receiving this traffic and what it could mean? This sort of curiosity could be used against you! This talk will cover the intricacies of social engineering with web analytics! Come find out how the world wide web could be manipulated...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 23
Ubiquity or "Everything, Everywhere" - Apple uses this term to describe iCloud related items and its availability across all devices. iCloud enables us to have our data synced with every Mac, iPhone, iPad, PC as well as accessible with your handy web browser. You can access your email, documents, contacts, browsing history, notes, keychains, photos, and more all with just a click of the mouse or a tap of the finger - on any device, all synced within seconds. Much of this data gets cached on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 24
As bandwidth, computing power, and software advancements have improved over the years, we've begun to see larger and larger DDoS attacks against organizations. Often times these attacks employ techniques such as DNS Amplification to take advantage of servers with very large uplinks. This talk explores a similar technique targeting commonly used throughput testing software typically running on very large uplinks. We will explore the process of attacking this software, eventually compromising it...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
If you’re interested in vulnerability research for fun or profit, or if you’re a beginner and you’re not sure how to progress, it can be difficult to sift through the firehose of technical information that’s out there. Plus there are all sorts of non-technical things that established researchers seem to just know. There are many different things to learn, but nobody really talks about the different paths you can take on your journey. We will provide an overview of key concepts in...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 26
by DEFCONConference
Surveillance had been a fact of life for sex workers wherever they have faced prohibition. Only two elements, communication and association, can differentiate between commercial and personal sex, criminal enforcement of prostitution laws have necessarily meant targeting the speech and affiliation of perceived sex workers. Enforcement of this nature is facilitated by profiling, institutional bias, and broad overreaching policies that fundamentally violate individual human rights. This has...
Topics: Youtube, video, Science & Technology, DEF, CON, def con, DEF CON, DEFCON, DEF CON 26, DC26,...
DEFCON 25
Enabling better communications between geeks and management. As humans, we have had 60,000 years to perfect communication, but those of us working in IT, regardless of which side (Blue or Red Team), still struggle with this challenge. We have done our best over the centuries to yell "FIRE!" in a manner befitting our surroundings, yet today we seem utterly incapable of providing that very basic communication capability inside organizations. This talk will endeavor to explain HOW we can...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 23
For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 26
The Automotive Exploitation Sandbox is a hands-on educational tool designed to provide stakeholders with little to no previous exposure to automotive security a hands-on experience with real hardware following a basic attack chain against a typical automotive development board. The attack chain provides instructions for the user to remotely exploit, escalate privilege, exfiltrate data, and modify memory using synthetic vulnerabilities placed on a remote test platform running an OS and hardware...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 22
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Kallenberg/DEFCON-22-Corey-Kallenberg-Extreme-Privilage-Escalation.pdf Additional Materials available here:...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Bruno-Graziano/DEFCON-22-Luca-Bruno-Mariano-Graziano-looking-glass-Updated.pdf Through the Looking-Glass, and What Eve Found There Luca "kaeso" Bruno RESEARCH ENGINEER, EURECOM Mariano "emdel" Graziano PH.D. STUDENT, EURECOM Traditionally, network operators have...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kazanciyan-Hastings/DEFCON-22-Ryan-Kazanciyan-Matt-Hastings-Investigating-Powershell-Attacks.pdf Investigating PowerShell Attacks Ryan Kazanciyan TECHNICAL DIRECTOR, MANDIANT Matt Hastings CONSULTANT, MANDIANT Over the past two years, we've seen targeted attackers increasingly...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 24
The Internet of Things is filled with vulnerabilities, would you expect the Internet of Vibrating Things to be any different? As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover. Do you care if someone else knows if you or your lover is wearing a remote control vibrator? Do you care if the manufacturer is tracking your...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
Credentials have always served as a favorite target for advanced attackers, since these allow to efficiently traverse a network, without using any exploits. Moreover, compromising the network might not be sufficient, as attackers strive to obtain persistency, which requires the use of advanced techniques to evade the security mechanisms installed along the way. One of the challenges adversaries must face is: How to create threats that will continuously evade security mechanisms, and even if...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
In this presentation I start off asking the question "How come there are only a handful of BSD security kernel bugs advisories released every year?" and then proceed to try and look at some data from several sources. It should come as no surprise that those sources are fairly limited and somewhat outdated. The presentation then moves on to try and collect some data ourselves. This is done by actively investigating and auditing. Code review, fuzzing, runtime testing on all 3 major BSD...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 26
We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 22
Slides here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Littlebury/DEFCON-22-Chris-Littlebury-Home-Alone-with-localhost.pdf Home Alone with localhost: Automating Home Defense Chris Littlebury SENIOR PENETRATION TESTER, KNOWLEDGE CONSULTING GROUP, INC. Home automation is everywhere, and so are their exploits. This presentation will go...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 21
So You Think Your Domain Controller is Secure? JUSTIN HENDRICKS SECURITY ENGINEER, MICROSOFT Domain Controllers are the crown jewels of an organization. Once they fall, everything in the domain falls. Organizations go to great lengths to secure their domain controllers, however they often fail to properly secure the software used to manage these servers. This presentation will cover unconventional methods for gaining domain admin by abusing commonly used management software that organizations...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 25
One vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network will be presented. In the CSFB procedure, we found the authentication step is missing. This results in that an attacker can hijack the victim's communication. We named this attack as 'Ghost Telephonist'. Several exploitations can be made based on this vulnerability. When the call or SMS is not encrypted, or weakly encrypted, the attacker can impersonate the victim to receive the "Mobile Terminated" calls and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 21
Building an Android IDS on Network Level JAIME SANCHEZ A3SEC Being popular is not always a good thing and here's why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Nowadays, several behavior-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices. We'll show how we built a new detection...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 24
As introduced in our former series of talks ‘LTE vs. Darwin’ there are quite a few holes in the LTE specs. Now, having our own Macro BaseStation (an eNodeB) on the desk, we will demonstrate practical approaches to and attacks on real life devices. More and more devices are using mobile radio networks such as GSM, UMTS and LTE and there has already been quite a bit of research on (in)securities on the radio part, but only few people have had a look behind the scenes. Luckily, we had the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 26
MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others. Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 21
Defense by numbers: Making problems for script kiddies and scanner monkeys CHRIS JOHN RILEY On the surface most common browsers look the same, function the same, and deliver web content to the user in a relatively uniformed fashion. Under the shiny surface however, the way specific user agents handle traffic varies in a number of interesting and unique ways. This variation allows for defenders to play games with attackers and scripted attacks in a way that most normal users will never even see....
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 23
Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 22
by DEFCONConference
The thrilling conclusion to DEF CON's famous long-running drunken trivia smackdown. Source: https://www.youtube.com/watch?v=po9Cy0xaK9c Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), game show, hacker jeopardy,...
DEFCON 21
Made Open: Hacking Capitalism TODD BONNEWELL MAN WITH A MESSAGE, MADEOPEN.COM The game is Capitalism. The rule makers are the banks, corporations and governments. This presentation is about playing a game that is rigged by the rule makers, and winning in such fashion that the game is never the same. If you like breaking things and building them back up, or are a person, please at least watch this at a later time. I forgive you for not attending, but you will not forgive yourself for missing it....
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Noise Floor: Exploring the world of unintentional radio emissions by Melissa Elliott Application security researcher, Veracode If it's electronic, it makes noise. Not necessarily noise that you and I can hear, of course -- unless you know how to tune in. The air around us is filled with bloops, bleeps, and bzzts of machines going about their business, betraying their existence through walls or even from across the street. The unintentional noise lurking among intentional signals can even reveal...
Topics: Youtube, video, Science & Technology, Security, Information Security (Software Genre), DC21,...
DEFCON 26
Golang is a pretty nifty language, and it's remarkably well suited for car hacking. SocketCAN provides a great framework for interacting with CAN devices, so why not use it from Go? We'll present an open source Go library for making SocketCAN easy, and show how to work with raw CAN and ISOTP data. Attendees will get all the info they need to start hacking CAN buses with Go. Source: https://www.youtube.com/watch?v=PlOj0Mt-2NM Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 22
Slides Here: http://defcon.org/images/defcon-22/dc-22-presentations/Molina/DEFCON-22-Jesus-Molina-Learn-how-to-control-every-room.pdf White paper Here:...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 25
by DEFCONConference
Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us! In this talk, you'll hear from DEF CON's founder, Dark Tangent, who is also moderating the panel. Jayson E. Street, the Ambassador of DEF CON groups will also discuss updates about the program and share information from his global travel to...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise. While DACL misconfigurations can provide numerous paths that facilitate elevation...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON25, DEF CON 25, DC25, Dc-25, hacker...
DEFCON 26
Practice shows that even the most secure software written by the best engineers contain bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow-down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 24
Description: You are being manipulated. There is constant pressure coming from companies, people, and attackers. Millions are spent researching and studying your weaknesses. The attack vectors are subtle. Most times we don’t realize that manipulation has occurred until it is too late. Fear not, we can harden our defenses. We can put safeguards in place to help avoid being the victim. For me, the answer came from an unlikely source: my daughter. Small children are fantastic. Society has not...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC-24, DC24, DEFCON, social...
DEFCON 26
Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 25
It’s no secret that trying to change corporate culture is hard. This is primarily due to the fact that large corporations are complex systems and fundamentally averse to change. This reluctance is rooted in a systematic misalignment of shared vision, shared values, and shared culture within the organization. This talk defines a new method of business transformation by illustrating how to effectively influence corporate cultures towards collective action. To achieve that end, we outline an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 24
Active Directory domain privilege escalation is a critical component of most penetration tests and red team assessments, but standard methodology dictates a manual and often tedious process – gather credentials, analyze new systems we now have admin rights on, pivot, and repeat until we reach our objective. Then — and only then — we can look back and see the path we took in its entirety. But that may not be the only, nor shortest path we could have taken. By combining our concept of...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
Today there is practically a year-round CTF circuit, on which teams hone their skills, win prizes and attain stature. For many, the ultimate goal is to dominate in the utmost competition, DEF CON's CTF, and walk away with a coveted black badge. Capture-the-Flag (CTF) is one of DEF CON's oldest contests, dating back to DEF CON 4. Over the past decades, the perennial contest has matured into an annual event requiring months of preparation and nearly continuous dedication both of players and...
Topics: Youtube, video, Science & Technology, def con, dc25, defcon, def con 25, dc-25, hack, hacking,...
DEFCON 23
At the end of 2013, an international export control regime known as the Wassenaar Arrangement was updated to include controls on technology related to "Intrusion Software" and "IP Network Surveillance Systems." Earlier this year, the US Government announced a draft interpretation of these new controls, which has kicked off a firestorm of controversy within the information security community. Questions abound regarding what the exact scope of the proposed rules is, and what impact...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC-23, DC23, hack,...
DEFCON 24
I got myself a new toy: A solar array… With it, a little device by a top tier manufacturer that manages its performance and reports SLAs to the cloud. After spending a little time describing why it tickled me pink, I’ll walk you through my research and yes, root is involved! Armed with the results of this pen test, we will cover the vendor’s reaction to the bee sting: ostrich strategy, denial, panic, shooting the messenger and more. Finally, not because I know you get it, but because the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 21
by DEFCONConference
How to use CSP to stop XSS KENNETH LEE PRODUCT SECURITY ENGINEER, ETSY INC. Cross-site scripting attacks have always been a mainstay of the OWASP Top 10 list. The problem with detecting XSS is that you can't go looking at web log traffic to determine if a request contains an actual cross site scripting attack attempt, much less one that will actually succeed against your defenses. Our work has helped reveal some nuances with implementing content security policy to help detect and prevent XSS...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 26
Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer? Admins are gradually using better methods like two-factor and more secure...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 23
by DEFCONConference
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 22
by DEFCONConference
Brent White - Corporate Espionage - Gathering Actionable Intelligence Via Covert Operations Source: https://www.youtube.com/watch?v=D2N6FclMMTg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 21
The Road Less Surreptitiously Traveled PUKINGMONKEY Anonymously driving your own vehicle is becoming unattainable with the proliferation of automatic license plate readers (ALPRs) now coming into wide-spread use. Combined with always-on electronic toll tags, smart phone traffic apps and even plain cell phones are adding to this problem. There is little public disclosure of this tracking and little legislation limiting the length of time data is retained, even if it is not involved in any...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 25
GoTenna is a wireless communication tool, popular for providing encrypted "off-the-grid" communications on unlicensed MURS channels. Using SDR, GNU Radio, and scapy we developed a tool to capture packets from all the channels, simultaneously. This allowed us to characterize device behavior, study the packet protocol, and passively monitor communications. In this talk, we will explain our methodologies, demonstrate our tools live, and show how to perform link analysis: who is talking...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible due to IP spoofing. In this talk we'll discuss what we learned about the L3 (Layer 3 OSI stack) IP spoofing. We'll explain why L3 attacks are even possible in today's internet and what direct and reflected L3 attacks look like. We'll describe...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 24
Meet the Feds panel Source: https://www.youtube.com/watch?v=EPIVjqExh9s Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 21
by DEFCONConference
movies
eye 9
favorite 0
comment 0
The Dark Tangent and GOONS end the conference with closing ceremonies and awards. Source: https://www.youtube.com/watch?v=w39MZsBCBi8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 22
by DEFCONConference
movies
eye 13
favorite 0
comment 0
Night 2 of Hacker Pyramid's last hurrah. Source: https://www.youtube.com/watch?v=BQEHElSwXUM Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON 22, hackers, las vegas, game show
DEFCON 24
movies
eye 4
favorite 0
comment 0
Tor is a widely used anonymity network that protects users' privacy and identity from corporations, agencies and governments. However, Tor remains a practical system with a variety of limitations, some of which were indeed exploited in the recent past. In particular, Tor's security relies on the fact that a substantial number of its nodes do not misbehave. Previous work showed the existence of malicious participating Tor relays. For example, there are some Exit nodes that actively interfere...
Topics: Youtube, video, Science & Technology
DEFCON 21
movies
eye 9
favorite 0
comment 0
HiveMind: Distributed File Storage Using JavaScript Botnets SEAN MALONE PRINCIPAL SECURITY CONSULTANT, FUSIONX Some data is too sensitive or volatile to store on systems you own. What if we could store it somewhere else without compromising the security or availability of the data, while leveraging intended functionality to do so? This presentation will cover the methodology and tools required to create a distributed file store built on top of a JavaScript botnet. This type of data storage...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies
eye 9
favorite 0
comment 0
The Politics of Privacy and Technology: Fighting an Uphill Battle ERIC FULTON CEO, SUBSECTOR SOLUTIONS DANIEL ZOLNIKOV STATE REPRESENTATIVE, MONTANA In the past few decades the world has been dramatically transformed by technology. People have significantly evolved in how they interact with each other and the world; a side effect of this evolution is the drastic change in personal privacy. Private citizens, corporations, and governments all have different ideas on what privacy means and what...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 22
movies
eye 11
favorite 0
comment 0
Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Fitzpatrick-Crabill/DEFCON-22-Joe-FitzPatrick-Miles-Crabill-NSA-Playset-PCIe.pdf NSA Playset: PCIe Joe FitzPatrick HARDWARE SECURITY RESOURCES, LLC Miles Crabill SECURITY RESEARCHER Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces,...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
movies
eye 13
favorite 0
comment 0
Slides here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Quaddi-R3plicant-Hefley/DEFCON-22-Quaddi-R3plicant-Hefley-Hacking-911-UPDATED.pdf Hacking 911: Adventures in Disruption, Destruction, and Death Christian “quaddi” Dameff MD Jeff “r3plicant” Tully MD Peter Hefley SENIOR MANAGER - SUNERA Ever wonder what you would do if...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
movies
eye 7
favorite 0
comment 0
Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/McGrew/DEFCON-22-Wesley-McGrew-Instrumenting-Point-of-Sale-Malware.pdf Additional Materials available:...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
movies
eye 7
favorite 0
comment 0
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Drapeau-Dukes/DEFCON-22-Drapeau-Dukes-Steganography-in-Commonly-Used-HF-Radio-Protocols-UPDATED.pdf Additional Extra Materials are available here:...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
by DEFCONConference
movies
eye 6
favorite 0
comment 0
Closing Ceremonies, Results from several contests, closing remarks, thank you's and plans for DEF CON 23. Source: https://www.youtube.com/watch?v=wbjRjgJi3MI Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON Video Series, DEFCON...
DEFCON 22
movies
eye 6
favorite 0
comment 0
Panel: Ephemeral Communications: Why and How? Ryan Lackey Founder, CryptoSeal, Inc. Jon Callas Silent Circle Elissa Shevinsky Glimpse Possibly more to come..... Ephemeral communications applications are increasingly popular ways, especially among younger users, to communicate online. In contrast to “once it’s on the Internet, it’s forever”, these applications promise to delete information rapidly, or to maintain anonymity indefinitely, lowering inhibitions to share sensitive or personal...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
movies
eye 8
favorite 0
comment 0
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Litchfield/DEFCON-22-David-Litchfield-Oracle-Data-Redaction-is-Broken.pdf Oracle Data Redaction is Broken David Litchfield SECURITY SPECIALIST, DATACOM TSS The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows sensitive data, such as PII, to be...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
movies
eye 6
favorite 0
comment 0
David Kennedy - Destroying Education and Awareness Programs Source: https://www.youtube.com/watch?v=vcA6dLl5Sa4 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 26
movies
eye 11
favorite 0
comment 0
We all protect our home networks, but how safe is your data once it leaves on its journey to the latest cat pictures? How does your traffic make it to its destination and what threats does it face on its way? What is BGP and why should you care? In this talk, I'll explain the basic structure of the network that is the Internet and the trust relationships on which it is built. We'll explore several types of attacks that you may have seen in the news that exploit this relationship to bring down...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 23
movies
eye 2
favorite 0
comment 0
Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ancestor of today’s computer “hackers.” The first phreaks “owned” and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, DC 23, hack,...
DEFCON 22
movies
eye 7
favorite 0
comment 0
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Hecker/DEFCON-22-Weston-Hecker-Burner-Phone-DDOS-UPDATED.pdf Burner Phone DDOS 2 dollars a day : 70 Calls a Minute Weston Hecker SR SYSTEMS SECURITY ANALYST/ NETWORK SECURITY Phone DDOS research. Current proof of concept is dealing with Samsung SCH-U365 QUALCOMM prepaid Verizon...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 24
movies
eye 7
favorite 0
comment 0
With the rise of the Internet of Things, the line between the physical and the digital is growing ever more hazy. Devices that once only existed in the tangible world are now accessible by anyone with a network connection. Even physical security systems, a significant part of any large organization’s overall security posture, are being given network interfaces to make management and access more convenient. But that convenience also significantly increases the risk of attack, and hacks that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
movies
eye 7
favorite 0
comment 0
Meow will be presenting on the capabilities for biological weapons that are currently able to be produced in home or community bio labs. He will explore the role that emerging technologies play in drastically reducing the technological and cost barriers to creating these constructs, and suggest ways that legislation and regulation may be employed to ensure maximum freedoms and innovation coupled with effective monitoring. Make sure to get your vaccinations before attending please. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=x1RmNXQAydg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies
eye 16
favorite 0
comment 0
On April 24, 2015, Apple launched themselves into the wearables category with the introduction of Apple Watch. This June, at Apple's Worldwide Developer Conference, Apple announced that their watch is not only the #1 selling smartwatch worldwide by far, but also announced the introduction of new capabilities that will come with the release of watchOS 4. Like other devices, Apple Watch contains highly sensitive user data such as email and text messages, contacts, GPS and more, and like other...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 25, DEFCON, DC25, DC-25, hack, hacker,...
DEFCON 25
movies
eye 13
favorite 0
comment 0
In 2015, BBC sponsored Micro:Bit was launched and offered to one million students in the United Kingdom to teach them how to code. This device is affordable and has a lot of features and can be programmed in Python rather than C++ like the Arduino. When we discovered this initiative in 2016, we quickly thought it was possible to turn this tiny device into some kind of super-duper portable wireless attack tool, as it is based on a well-known 2.4GHz RF chip produced by Nordic Semiconductor. It...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 25, DEFCON2017, DC25, DEF CON...
DEFCON 25
movies
eye 8
favorite 0
comment 0
The Justice Department and white hat hackers have frequently worked side-by-side to stop malware from destroying computers around the globe. This talk would explain how vulnerabilities can be exploited to create something as large, powerful, and potentially destructive as a botnet but also how technology can be leveraged to combat botnets. This talk would provide a basic explanation of botnets and describe how the combined efforts of white hat hackers and law enforcement have identified...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=gCMEi7gTh0A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 3
favorite 0
comment 0
Vehicle-to-vehicle (V2V) and, more generally, vehicle-to-everything (V2X) wireless communications enable semi-autonomous driving via the exchange of state information between a network of connected vehicles and infrastructure units. Following 10+ years of standards development, particularly of IEEE 802.11p and the IEEE 1609 family, a lack of available implementations has prevented the involvement of the security community in development and testing of these standards. Analysis of the WAVE/DSRC...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Attention Red Teamers, Penetration Testers, and Offensive Security Operators, isn't the overhead of fighting attribution, spinning up infrastructure, and having to constantly re-write malware an absolute pain and timesink!?! It was for us too, so we're fixing that for good (well, maybe for evil). Join us for the public unveiling and open source release of our latest project, MEATPISTOL, a modular malware framework for implant creation, infrastructure automation, and shell interaction. This...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
Over the next ten years, blockchain and distributed ledger technologies will fundamentally change the delivery of care around the globe. The blockchain provides a technical framework where trust is moved from central controlling intermediaries to the open source protocol, freeing data and assets from the control of traditional corporate interests. The great hope is that this evolution will result in the empowerment of consumers, communities, and markets centered on sustainable wellness and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 4
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=k0mRkhbptiA Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Portia: it's a new tool we have written at SpiderLabs to aid in internal penetration testing test engagements. The tool allows you to supply a username and password that you have captured and cracked from Responder or other sources as well as an IP range, subnet or list of IP addresses. The tool finds its way around the network and attempts to gain access into the hosts, finds and dumps the passwords/hashes, reuses them to compromise other hosts in the network. In short, the tool helps with...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 22
movies
eye 10
favorite 0
comment 0
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Tal/DEFCON-22-Shahar-TaI-I-hunt-TR-069-admins-UPDATED.pdf I Hunt TR-069 Admins: Pwning ISPs Like a Boss Shahar Tal SECURITY & VULNERABILITY RESEARCH TEAM LEADER, CHECK POINT SOFTWARE TECHNOLOGIES Residential gateway (/SOHO router) exploitation is a rising trend in the security...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 23
movies
eye 27
favorite 0
comment 0
Recently there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC 23, DC-23, DEFCON, hack,...
DEFCON 26
movies
eye 21
favorite 0
comment 0
Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, security...
DEFCON 24
movies
eye 23
favorite 0
comment 0
In this talk, we’ll cover some novel USB-level attacks that can provide remote command and control of even air-gapped machines, with a minimal forensic footprint, and release an open-source toolset using freely available hardware. In 2000, Microsoft published its 10 Immutable laws of security [1]. One of which was “if a bad guy has unrestricted access to your computer, it’s not your computer anymore.” This has been robustly demonstrated over the years. Examples include numerous...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
movies
eye 16
favorite 0
comment 0
Koadic C3, or COM Command & Control, is a Windows post-exploitation tool similar to other penetration testing rootkits such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using the Windows Script Host (a.k.a. JScript/VBScript), with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10. An in-depth view of default COM...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 29
favorite 0
comment 0
Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the "dark web". Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy. I wrote...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 22
movies
eye 14
favorite 0
comment 0
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Smith-Perrymon/DEFCON-22-Smith-Perrymon-All-Your-Badges-Are-Belong-To-Us-UPDATED.pdf Advanced Red Teaming: All Your Badges Are Belong To Us Eric Smith SENIOR PARTNER, PRINCIPAL SECURITY CONSULTANT AT LARES Josh Perrymon SENIOR ADVERSARIAL ENGINEER AT LARES By definition ”Red...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Psychographic targeting and the so called "Weaponized AI Propaganda Machine" have been blamed for swaying public opinion in recent political campaigns. But how effective are they? Why are people so divided on certain topics? And what influences their views? This talk presents the results of five studies exploring each of these questions. The studies examined authoritarianism, threat perception, personality-targeted advertising and biases in relation to support for communication...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEFCON25, DEF CON 25, DEFCON2017, hack,...
DEFCON 25
movies
eye 15
favorite 0
comment 0
Traditional techniques for C2 channels, exfiltration, surveillance, and exploitation are often frustrated by the growing sophistication and prevalence of security protections, monitoring solutions, and controls. Whilst all is definitely not lost, from an attacker's perspective - we constantly see examples of attackers creatively bypassing such protections - it is always beneficial to have more weapons in one's arsenal, particularly when coming up against heavily-defended networks and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 22
movies
eye 7
favorite 0
comment 0
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Gorenc-Molinyawe/DEFCON-22-Brian-Gorenc-Matt-Molinyawe-Blowing-Up-The-Celly-UPDATED.pdf Blowing up the Celly - Building Your Own SMS/MMS Fuzzer Brian Gorenc ZERO DAY INITIATIVE, HP SECURITY RESEARCH Matt Molinyawe ZERO DAY INITIATIVE, HP SECURITY RESEARCH Every time you hand out...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
Closing Ceremonies Source: https://www.youtube.com/watch?v=Ly7uurZ2d9A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 23
movies
eye 17
favorite 0
comment 0
Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hackers,...
DEFCON 24
by DEFCONConference
movies
eye 22
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=A9ew4jdLjYY Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, def con, defcon, defcon 24, def con 24, conference,...
DEFCON 21
by DEFCONConference
movies
eye 9
favorite 0
comment 0
EMET 4.0 PKI Mitigation NEIL SIKKA SOFTWARE SECURITY ENGINEER, MICROSOFT Microsoft EMET is a free Mitigation tool. In addition to its memory corruption exploit mitigations, a newly introduced feature is the PKI mitigation. This mitigation implements x509 certificate pinning to prevent usage of forged certificates in HTTPS sessions in the web browser. This talk is technical as it demos EMET in action and explains how the PKI mitigation works. Neil Sikka (@neilsikka) is a computer security...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 23
by DEFCONConference
movies
eye 61
favorite 1
comment 0
When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. However, when the dust settles, how do we actually measure the risk represented by a given vulnerability? When pen testers find holes in an organization, is it really “ZOMG, you’re SO 0WNED!” or is it something more manageable and controlled? When you’re attempting to convince the boss of the necessity of the latest security technology, how do you really rank the importance of the technology...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC 23, DEFCON, DC-23, hack, hacker,...
DEFCON 24
by DEFCONConference
movies
eye 9
favorite 0
comment 0
Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online, encryption (and backdoors), and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
Regarding ptmalloc2, many heap exploitation techniques have been invented in recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require at least a libc/heap leak, or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE enabled Binary. I shall showcase the ease of aligning the heap to perform this attack, thus demonstrating...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 21
movies
eye 17
favorite 0
comment 0
Evolving Exploits Through Genetic Algorithms SOEN HACKER FOR TEAM VANNED This talk will discuss the next logical step from dumb fuzzing to breeding exploits via machine learning & evolution. Using genetic algorithms, this talk will take simple SQL exploits and breed them into precision tactical weapons. Stop looking at SQL error messages and carefully crafting injections, let genetic algorithms take over and create lethal exploits to PWN sites for you! soen (@soen_vanned) is a reverse...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 22
movies
eye 18
favorite 0
comment 0
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Bursztein/DEFCON-22-Celine-and-Elie-Bursztein-I-am-a-legend-UPDATED.pdf I am a legend: Hacking Hearthstone with machine learning Elie Bursztein SECURITY RESEARCHER, GOOGLE Celine Bursztein FOUNDER, PETSQUARE Want to become a legend at Hearthstone -- Blizzard's new blockbuster...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 21
movies
eye 10
favorite 0
comment 0
I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell DOUG DEPERRY SENIOR SECURITY CONSULTANT, ISEC PARTNERS TOM RITTER SENIOR SECURITY CONSULTANT, ISEC PARTNERS I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don't even know you're connected to me. Welcome to...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...